Linux Analysis Report
boatnet.x86_64.elf

Overview

General Information

Sample name:boatnet.x86_64.elf
Analysis ID:1589461
MD5:709b104e746f24f3b18f7a1118c18bf0
SHA1:c1735eb637560a097d7a451601bb9ca2e8706e21
SHA256:abbd8780d40c95322f51410e0c77e22f3cb85a1e820ce62c604d3237c24089f1
Tags:elf, user-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Machine Learning detection for sample
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1589461
Start date and time:2025-01-12 15:48:16 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 13s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.x86_64.elf
Detection:MAL
Classification:mal76.spre.troj.evad.linELF@0/0@2/0
Command:/tmp/boatnet.x86_64.elf
PID:5566
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5573, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5574, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5575, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5576, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5595, Parent: 5576, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5577, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5578, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5594, Parent: 5593, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5603, Parent: 2955)
  • xfce4-notifyd (PID: 5603, Parent: 2955, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
5569.1.0000000000400000.0000000000414000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
    5569.1.0000000000400000.0000000000414000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
    5569.1.0000000000400000.0000000000414000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
    • 0xf068:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
    5569.1.0000000000400000.0000000000414000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
    • 0xf857:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
    5569.1.0000000000400000.0000000000414000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
    • 0x11e30:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    No Suricata rule has matched

    AV Detection

    Source: boatnet.x86_64.elf, Virustotal: Detection: 26%
    Source: boatnet.x86_64.elf, ReversingLabs: Detection: 47%
    Source: boatnet.x86_64.elf, Joe Sandbox ML: detected
    Source: global traffic, TCP traffic: 192.168.2.14:39384 -> 94.158.245.27:3778
    Source: unknown, TCP traffic detected without corresponding DNS query: 94.158.245.27
    Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
    Source: boatnet.x86_64.elf, String found in binary or memory: http://upx.sf.net

    System Summary

    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
    Source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5566, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5566, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5568, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5568, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5569, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5569, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3129, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3184, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3187, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3188, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3189, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3190, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3193, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3207, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3215, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 3235, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5569, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5573, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5574, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5575, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5576, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5577, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5578, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5594, result: successful
    Source: /tmp/boatnet.x86_64.elf (PID: 5567), SIGKILL sent: pid: 5603, result: successful
    Source: LOAD without section mappings, Program segment: 0x100000
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
    Source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
    Source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5566, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5566, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5568, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5568, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5569, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: boatnet.x86_64.elf PID: 5569, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: classification engine. Classification label: mal76.spre.troj.evad.linELF@0/0@2/0

    Data Obfuscation

    Source: initial sample. String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sample. String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/660/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/661/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/782/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1369/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/3304/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/3425/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/785/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1642/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/940/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/941/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1640/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/3147/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/3268/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1364/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/548/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/5569/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/5603/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1647/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/2991/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1383/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1382/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1381/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/791/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/671/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/794/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1655/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/2986/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/795/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/674/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1653/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/797/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/2983/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/3159/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/678/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/1650/cmdlineJump to behavior
    Source: /tmp/boatnet.x86_64.elf (PID: 5567)File opened: /proc/3157/cmdlineJump to behavior
    Source: boatnet.x86_64.elf, Submission file: segment LOAD with 7.9551 entropy (max. 8.0)
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5573) Queries kernel information via 'uname'
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5574) Queries kernel information via 'uname'
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5575) Queries kernel information via 'uname'
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5576) Queries kernel information via 'uname'
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5577) Queries kernel information via 'uname'
    Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5578) Queries kernel information via 'uname'
    Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5603) Queries kernel information via 'uname'

    Stealing of Sensitive Information

    Source: Yara match; File source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY
    Source: Yara match; File source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY
    Source: Yara match; File source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY
    Source: Yara match; File source: Process Memory Space: boatnet.x86_64.elf PID: 5566, type: MEMORYSTR
    Source: Yara match; File source: Process Memory Space: boatnet.x86_64.elf PID: 5568, type: MEMORYSTR
    Source: Yara match; File source: Process Memory Space: boatnet.x86_64.elf PID: 5569, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match; File source: 5569.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY
    Source: Yara match; File source: 5566.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY
    Source: Yara match; File source: 5568.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORY
    Source: Yara match; File source: Process Memory Space: boatnet.x86_64.elf PID: 5566, type: MEMORYSTR
    Source: Yara match; File source: Process Memory Space: boatnet.x86_64.elf PID: 5568, type: MEMORYSTR
    Source: Yara match; File source: Process Memory Space: boatnet.x86_64.elf PID: 5569, type: MEMORYSTR
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
    | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    No configs have been found
    [Behavior graph: ID 1589461, Sample: boatnet.x86_64.elf, Startdate: 12/01/2025, Architecture: LINUX, Score: 76. boatnet.x86_64.elf started three boatnet.x86_64.elf child processes, one of them flagged "Sample tries to kill multiple processes (SIGKILL)". Network nodes: 94.158.245.27 (3778, 39384, 39386; MIVOCLOUDMD, Moldova Republic of) and daisy.ubuntu.com.]

    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | boatnet.x86_64.elf | 26% | Virustotal | | Browse |
    | boatnet.x86_64.elf | 47% | ReversingLabs | Linux.Backdoor.Mirai | |
    | boatnet.x86_64.elf | 100% | Joe Sandbox ML | | |

    No Antivirus matches
    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|---|---|
    | daisy.ubuntu.com | 162.213.35.25 | true | false | | high |

    | Name | Source | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|---|
    | http://upx.sf.net | boatnet.x86_64.elf | false | | high |

    | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
    |---|---|---|---|---|---|---|
    | 94.158.245.27 | unknown | Moldova Republic of | | 39798 | MIVOCLOUDMD | false |
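
    | Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
    |---|---|---|---|---|---|---|
    | 94.158.245.27 | boatnet.ppc.elf | Get hash | malicious | Mirai | Browse | |
    | 94.158.245.27 | boatnet.arm.elf | Get hash | malicious | Mirai | Browse | |
    | 94.158.245.27 | boatnet.arm7.elf | Get hash | malicious | Mirai | Browse | |
    | 94.158.245.27 | boatnet.x86.elf | Get hash | malicious | Mirai | Browse | |

    | Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
    |---|---|---|---|---|---|---|
    | daisy.ubuntu.com | 2.elf | Get hash | malicious | Unknown | Browse | 162.213.35.24 |
    | daisy.ubuntu.com | boatnet.arm7.elf | Get hash | malicious | Mirai | Browse | 162.213.35.25 |
    | daisy.ubuntu.com | boatnet.x86.elf | Get hash | malicious | Mirai | Browse | 162.213.35.25 |
    | daisy.ubuntu.com | arm6.elf | Get hash | malicious | Unknown | Browse | 162.213.35.25 |
    | daisy.ubuntu.com | camp.arm6.elf | Get hash | malicious | Mirai | Browse | 162.213.35.25 |
    | daisy.ubuntu.com | 2.elf | Get hash | malicious | Unknown | Browse | 162.213.35.25 |
    | daisy.ubuntu.com | x86_64.elf | Get hash | malicious | Unknown | Browse | 162.213.35.24 |
    | daisy.ubuntu.com | mips.elf | Get hash | malicious | Unknown | Browse | 162.213.35.24 |
    | daisy.ubuntu.com | i686.elf | Get hash | malicious | Unknown | Browse | 162.213.35.25 |

    | Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
    |---|---|---|---|---|---|---|
    | MIVOCLOUDMD | boatnet.ppc.elf | Get hash | malicious | Mirai | Browse | 94.158.245.27 |
    | MIVOCLOUDMD | boatnet.arm.elf | Get hash | malicious | Mirai | Browse | 94.158.245.27 |
    | MIVOCLOUDMD | boatnet.arm7.elf | Get hash | malicious | Mirai | Browse | 94.158.245.27 |
    | MIVOCLOUDMD | boatnet.x86.elf | Get hash | malicious | Mirai | Browse | 94.158.245.27 |
    | MIVOCLOUDMD | camp.x86_64.elf | Get hash | malicious | Mirai | Browse | 5.181.159.16 |
    | MIVOCLOUDMD | camp.arm7.elf | Get hash | malicious | Mirai | Browse | 5.181.159.16 |
    | MIVOCLOUDMD | camp.sh4.elf | Get hash | malicious | Mirai | Browse | 5.181.159.16 |
    | MIVOCLOUDMD | camp.i686.elf | Get hash | malicious | Mirai | Browse | 5.181.159.16 |
    | MIVOCLOUDMD | camp.m68k.elf | Get hash | malicious | Mirai | Browse | 5.181.159.16 |
    | MIVOCLOUDMD | camp.spc.elf | Get hash | malicious | Mirai | Browse | 5.181.159.16 |

    No context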
                No created / dropped files found
                File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                Entropy (8bit): 7.9521473381674355
                TrID:
                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                File name: boatnet.x86_64.elf
                File size: 32'564 bytes
                MD5: 709b104e746f24f3b18f7a1118c18bf0
                SHA1: c1735eb637560a097d7a451601bb9ca2e8706e21
                SHA256: abbd8780d40c95322f51410e0c77e22f3cb85a1e820ce62c604d3237c24089f1
                SHA512: 25d982fa5382a5ca8ad6820bb4021763c25bbe8ebc414043ade122529c0b1adcc10cd8fe6caa0b5ad5a4b97d9cfc80d0a15338e7422b2604dc2ecab88fcbba34
                SSDEEP: 768:VA8sF/Ttf+pZlilsM68XATG5Th53qZSlOWmKJix07x:GjiiBzXjT53ISpmvOx
                TLSH: A4E2D0934373D9FEC8126A32029A2350E8F276452E176BFF64C6B5FB6C765424F12E01
                File Content Preview:.ELF..............>......m......@...................@.8...@.....................................<~......<~...............................GQ......GQ.............................Q.td.....................................................F2.UPX!D........;...;.

                ELF header

                Class: ELF64
                Data: 2's complement, little endian
                Version: 1 (current)
                Machine: Advanced Micro Devices X86-64
                Version Number: 0x1
                Type: EXEC (Executable file)
                OS/ABI: UNIX - System V
                ABI Version: 0
                Entry Point Address: 0x106d00
                Flags: 0x0
                ELF Header Size: 64
                Program Header Offset: 64
                Program Header Size: 56
                Number of Program Headers: 3
                Section Header Offset: 0
                Section Header Size: 64
                Number of Section Headers: 0
                Header String Table Index: 0
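
                | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
                |---|---|---|---|---|---|---|---|---|---|---|---|
                | LOAD | 0x0 | 0x100000 | 0x100000 | 0x7e3c | 0x7e3c | 7.9551 | 0x5 | R E | 0x100000 | | |
                | LOAD | 0x788 | 0x514788 | 0x514788 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | | |
                | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | | |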

                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                |---|---|---|---|---|
                | Jan 12, 2025 15:52:04.126760006 CET | 59870 | 53 | 192.168.2.14 | 8.8.8.8 |
                | Jan 12, 2025 15:52:04.126827002 CET | 47733 | 53 | 192.168.2.14 | 8.8.8.8 |
                | Jan 12, 2025 15:52:04.133204937 CET | 53 | 59870 | 8.8.8.8 | 192.168.2.14 |
                | Jan 12, 2025 15:52:04.133229017 CET | 53 | 47733 | 8.8.8.8 | 192.168.2.14 |

                | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
                |---|---|---|---|---|---|---|---|---|
                | Jan 12, 2025 15:52:04.126760006 CET | 192.168.2.14 | 8.8.8.8 | 0x2f25 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false |
                | Jan 12, 2025 15:52:04.126827002 CET | 192.168.2.14 | 8.8.8.8 | 0xfb67 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false |

                | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
                |---|---|---|---|---|---|---|---|---|---|---|
                | Jan 12, 2025 15:52:04.133204937 CET | 8.8.8.8 | 192.168.2.14 | 0x2f25 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
                | Jan 12, 2025 15:52:04.133204937 CET | 8.8.8.8 | 192.168.2.14 | 0x2f25 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |

                System Behavior

                Start time (UTC):14:49:20
                Start date (UTC):12/01/2025
                Path:/tmp/boatnet.x86_64.elf
                Arguments:/tmp/boatnet.x86_64.elf
                File size:32564 bytes
                MD5 hash:709b104e746f24f3b18f7a1118c18bf0

                Start time (UTC):14:49:20
                Start date (UTC):12/01/2025
                Path:/tmp/boatnet.x86_64.elf
                Arguments:-
                File size:32564 bytes
                MD5 hash:709b104e746f24f3b18f7a1118c18bf0

                Start time (UTC):14:49:20
                Start date (UTC):12/01/2025
                Path:/tmp/boatnet.x86_64.elf
                Arguments:-
                File size:32564 bytes
                MD5 hash:709b104e746f24f3b18f7a1118c18bf0

                Start time (UTC):14:49:20
                Start date (UTC):12/01/2025
                Path:/tmp/boatnet.x86_64.elf
                Arguments:-
                File size:32564 bytes
                MD5 hash:709b104e746f24f3b18f7a1118c18bf0

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):14:49:33
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:-
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):14:49:33
                Start date (UTC):12/01/2025
                Path:/usr/sbin/xfpm-power-backlight-helper
                Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                File size:14656 bytes
                MD5 hash:3d221ad23f28ca3259f599b1664e2427

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):14:49:25
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):14:49:32
                Start date (UTC):12/01/2025
                Path:/usr/bin/dbus-daemon
                Arguments:-
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time (UTC):14:49:32
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                File size:112880 bytes
                MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                Start time (UTC):14:49:37
                Start date (UTC):12/01/2025
                Path:/usr/lib/systemd/systemd
                Arguments:-
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                Start time (UTC):14:49:37
                Start date (UTC):12/01/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                File size:112872 bytes
                MD5 hash:eee956f1b227c1d5031f9c61223255d1