Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf

Overview

General Information

Sample name:45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
Analysis ID:1594525
MD5:d3933f1cd5e7633906774078e050ca4f
SHA1:df8bddfc958fabc7c0105df9769b7a76ab3b1bcd
SHA256:131909f6e594c6b3199b32959ec4d128a9f4ea72d836e21a6bd9a3cc4e51bdfc
Tags:elfuser-threatquery
Infos:

Detection

Mirai
Score:80
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1594525
Start date and time:2025-01-19 05:13:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 12s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
Detection:MAL
Classification:mal80.spre.troj.evad.linELF@0/1@2/0

Runtime Messages

Command:/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
PID:5496
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5509, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5510, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5511, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5512, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5533, Parent: 5512, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5513, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5514, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5532, Parent: 5531, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5541, Parent: 2955)
  • xfce4-notifyd (PID: 5541, Parent: 2955, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
    5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0x17ebc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17ed0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17ee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17ef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17f98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17fac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17fc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17fd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17fe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x17ffc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18010:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18024:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18038:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1804c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
      • 0x18414:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmpMirai_Botnet_MalwareDetects Mirai Botnet MalwareFlorian Roth
      • 0x17e38:$x1: POST /cdn-cgi/
      • 0x18c34:$s1: LCOGQGPTGP
      Click to see the 22 entries

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      • AV Detection
      • Networking
      • System Summary
      • Data Obfuscation
      • Persistence and Installation Behavior
      • Hooking and other Techniques for Hiding and Protection
      • Malware Analysis System Evasion
      • Stealing of Sensitive Information
      • Remote Access Functionality

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elfVirustotal: Detection: 36%Perma Link
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elfReversingLabs: Detection: 42%
      Source: global trafficTCP traffic: 192.168.2.14:43334 -> 45.11.229.95:3778
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: unknownTCP traffic detected without corresponding DNS query: 45.11.229.95
      Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elfString found in binary or memory: http://upx.sf.net

      System Summary

      barindex
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5496, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5496, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5500, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5500, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5502, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5502, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3129, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3184, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3187, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3188, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3189, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3190, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3193, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3207, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3215, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3235, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5502, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5509, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5510, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5511, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5512, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5513, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5514, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5532, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5541, result: successfulJump to behavior
      Source: xfce4-panel.xml.new.29.drOLE indicator, VBA macros: true
      Source: xfce4-panel.xml.new.29.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
      Source: LOAD without section mappingsProgram segment: 0x8000
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3129, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3184, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3187, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3188, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3189, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3190, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3193, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3207, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3215, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 3235, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5502, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5509, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5510, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5511, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5512, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5513, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5514, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5532, result: successfulJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)SIGKILL sent: pid: 5541, result: successfulJump to behavior
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5496, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5496, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5500, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5500, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5502, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5502, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: classification engineClassification label: mal80.spre.troj.evad.linELF@0/1@2/0

      Data Obfuscation

      barindex
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5509)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5510)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5511)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5512)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5532)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5532)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5532)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5532)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5541)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/5541/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3760/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3761/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/2672/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1583/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3244/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3120/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3361/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3759/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3239/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1577/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1610/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/512/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1299/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3235/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/514/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/519/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/2946/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/917/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3758/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3134/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1593/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3011/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3094/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3406/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1589/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3129/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1588/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3402/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3125/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3246/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3245/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/767/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/800/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/888/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/801/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/769/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/803/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/806/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/807/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/928/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/2956/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3420/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/490/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3142/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1635/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1633/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1599/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3139/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1873/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1630/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3412/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/657/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/658/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/659/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/418/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/419/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1639/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/5438/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1638/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/5334/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3398/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1371/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3392/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/780/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/660/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/661/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/782/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1369/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3304/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3425/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/785/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1642/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/940/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/941/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1640/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3147/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3268/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1364/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/548/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3668/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1647/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/2991/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1383/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1382/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1381/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/791/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/671/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/794/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1655/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/2986/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/795/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/674/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3839/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1653/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/797/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/2983/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3159/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/678/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1650/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3157/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/679/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/1659/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/3319/cmdlineJump to behavior
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5498)File opened: /proc/5473/cmdlineJump to behavior
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elfSubmission file: segment LOAD with 7.9691 entropy (max. 8.0)
      Source: /tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf (PID: 5496)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5509)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5510)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5511)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5512)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5513)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5514)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5541)Queries kernel information via 'uname': Jump to behavior
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5496.1.00007ffe29622000.00007ffe29643000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5500.1.00007ffe29622000.00007ffe29643000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5502.1.00007ffe29622000.00007ffe29643000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5496.1.0000560eb7fb1000.0000560eb81a1000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5500.1.0000560eb7fb1000.0000560eb817f000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5502.1.0000560eb7fb1000.0000560eb817f000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5496.1.00007ffe29622000.00007ffe29643000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5500.1.00007ffe29622000.00007ffe29643000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5502.1.00007ffe29622000.00007ffe29643000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
      Source: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5496.1.0000560eb7fb1000.0000560eb81a1000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5500.1.0000560eb7fb1000.0000560eb817f000.rw-.sdmp, 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf, 5502.1.0000560eb7fb1000.0000560eb817f000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/arm

      Stealing of Sensitive Information

      barindex
      Source: Yara matchFile source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5496, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5500, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5502, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Source: Yara matchFile source: 5496.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5500.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5502.1.00007f5c80017000.00007f5c80031000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5496, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5500, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf PID: 5502, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity Information1
      Scripting      		Valid AccountsWindows Management Instrumentation1
      Scripting      		Path Interception1
      Hidden Files and Directories      		1
      OS Credential Dumping      		11
      Security Software Discovery      		Remote ServicesData from Local System1
      Non-Standard Port      		Exfiltration Over Other Network Medium1
      Service Stop
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
      Obfuscated Files or Information      		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1594525 Sample: 45.11.229.95-boatnet.arm7-2... Startdate: 19/01/2025 Architecture: LINUX Score: 80 24 45.11.229.95, 3778, 43334, 43336 ALPHAONE-ASUS Germany 2->24 26 daisy.ubuntu.com 2->26 28 Malicious sample detected (through community Yara rule) 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 Yara detected Mirai 2->32 34 Sample is packed with UPX 2->34 7 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf 2->7         started        9 xfce4-panel wrapper-2.0 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 6 other processes 2->13 signatures3 process4 process5 15 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf 7->15         started        18 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf 7->18         started        20 45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf 7->20         started        22 wrapper-2.0 xfpm-power-backlight-helper 9->22         started        signatures6 36 Sample tries to kill multiple processes (SIGKILL) 15->36

      Screenshots

      Download Video

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf37%VirustotalBrowse
      45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf42%ReversingLabsLinux.Trojan.Mirai

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Download Network PCAP: filteredfull

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      daisy.ubuntu.com
      		162.213.35.25
      		truefalse
        		high
        NameSourceMaliciousAntivirus DetectionReputation
        http://upx.sf.net45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elffalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          45.11.229.95
          		unknownGermany
          		397525ALPHAONE-ASUStrue

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          daisy.ubuntu.comx86.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.25
          Yboats.mpsl.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.24
          Yboats.ppc.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.24
          Yboats.arm7.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.25
          Yboats.arc.elfGet hashmaliciousMirai, OkiruBrowse
          • 162.213.35.25
          Yboats.m68k.elfGet hashmaliciousMirai, OkiruBrowse
          • 162.213.35.25
          Yboats.i686.elfGet hashmaliciousMirai, OkiruBrowse
          • 162.213.35.24
          Yboats.arm.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.24
          Yboats.mips.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.25
          loki.arm6.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.24

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          ALPHAONE-ASUSx86.elfGet hashmaliciousUnknownBrowse
          • 38.79.86.214
          pkt1.exeGet hashmaliciousUnknownBrowse
          • 199.16.240.207
          dr0p.exeGet hashmaliciousUnknownBrowse
          • 199.16.240.205
          spc.elfGet hashmaliciousUnknownBrowse
          • 38.79.86.247
          Payload 94.75.225.exeGet hashmaliciousUnknownBrowse
          • 45.11.229.132
          la.bot.sparc.elfGet hashmaliciousUnknownBrowse
          • 38.79.86.221
          na.elfGet hashmaliciousMirai, OkiruBrowse
          • 38.79.86.229
          PT54FFSL7ET46RASB.exeGet hashmaliciousLummaC Stealer, PureLog Stealer, Xmrig, zgRATBrowse
          • 45.11.229.96
          57lklPjdPc.exeGet hashmaliciousLummaC, PureLog Stealer, zgRATBrowse
          • 45.11.229.96
          PT54FFSL7ET46RASB.exeGet hashmaliciousLummaC, PureLog Stealer, Xmrig, zgRATBrowse
          • 45.11.229.96

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          File Type:XML 1.0 document, ASCII text
          Category:dropped
          Size (bytes):5128
          Entropy (8bit):4.457618060812407
          Encrypted:false
          SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
          MD5:2A2A7C34B585CDAE5E123F3C5100C253
          SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
          SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
          SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in

          Static File Info

          General

          File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
          Entropy (8bit):7.981191553165883
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
          File size:55'212 bytes
          MD5:d3933f1cd5e7633906774078e050ca4f
          SHA1:df8bddfc958fabc7c0105df9769b7a76ab3b1bcd
          SHA256:131909f6e594c6b3199b32959ec4d128a9f4ea72d836e21a6bd9a3cc4e51bdfc
          SHA512:6fa8a5425b641ed0968faabd6ad6b4e061d8946573f3cecad59aaa27cca56fc6fe4d2449d54f7b10efef5c6da6d61aa783137854a6edc82543113b3fbc3f90d1
          SSDEEP:768:/GJrriWrm5118Y+4xTuNqAcpPUQVvaLy9eu/bcpQhsNe6jwFy9q3UELaLaMe25Ra:/GripJhhxeRpBjwVLwOLN
          TLSH:3C43027E766D50619B44607D2925490AA7272BBC533234A793EACCB4B21208BFDB848F
          File Content Preview:.ELF..............(.........4...........4. ...(.........................................LN..L...L...................Q.td............................>. NUPX!.........f...f......l..........?.E.h;....#..$...o...T.......*).......X..D...8D`.)Jz)..FV.....DC.ZaR

          Static ELF Info

          ELF header

          Class:ELF32
          Data:2's complement, little endian
          Version:1 (current)
          Machine:ARM
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - Linux
          ABI Version:0
          Entry Point Address:0x10a10
          Flags:0x4000002
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:0
          Section Header Size:40
          Number of Section Headers:0
          Header String Table Index:0

          Program Segments

          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
          LOAD0x00x80000x80000x9bfd0x9bfd7.96910x5R E0x8000
          LOAD0x4e4c0x2ce4c0x2ce4c0x00x00.00000x6RW 0x8000
          GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

          Network Behavior

          Download Network PCAP: filteredfull

          Network Port Distribution

          • Total Packets: 56
          • 3778 undefined
          • 53 (DNS)
          TimestampSource PortDest PortSource IPDest IP
          Jan 19, 2025 05:14:06.572504044 CET433343778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:06.577853918 CET37784333445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:06.577919006 CET433343778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:06.608484030 CET433343778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:06.613507032 CET37784333445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:06.613567114 CET433343778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:06.618601084 CET37784333445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.229770899 CET37784333445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.230139017 CET433343778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.230433941 CET433343778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.231832027 CET433363778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.237039089 CET37784333645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.237329006 CET433363778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.239407063 CET433363778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.245146990 CET37784333645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.245623112 CET433363778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.251028061 CET37784333645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.847666025 CET37784333645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.848098993 CET433363778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.848098993 CET433363778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.849499941 CET433383778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.854599953 CET37784333845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.854810953 CET433383778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.856479883 CET433383778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.861531019 CET37784333845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:07.861825943 CET433383778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:07.867132902 CET37784333845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:08.473732948 CET37784333845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:08.474143982 CET433383778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:08.474143982 CET433383778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:08.475296021 CET433403778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:08.480674982 CET37784334045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:08.480865002 CET433403778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:08.482070923 CET433403778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:08.487026930 CET37784334045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:08.487097025 CET433403778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:08.492377043 CET37784334045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.119668961 CET37784334045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.120076895 CET433403778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.120220900 CET433403778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.121992111 CET433423778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.127226114 CET37784334245.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.127383947 CET433423778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.129153013 CET433423778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.134219885 CET37784334245.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.134406090 CET433423778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.139822960 CET37784334245.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.776262999 CET37784334245.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.776499987 CET433423778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.776580095 CET433423778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.777947903 CET433443778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.783168077 CET37784334445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.783351898 CET433443778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.784689903 CET433443778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.789640903 CET37784334445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:09.789768934 CET433443778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:09.795144081 CET37784334445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:10.402769089 CET37784334445.11.229.95192.168.2.14
          Jan 19, 2025 05:14:10.403294086 CET433443778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:10.403328896 CET433443778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:10.404303074 CET433463778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:10.409483910 CET37784334645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:10.409678936 CET433463778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:10.411267042 CET433463778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:10.416199923 CET37784334645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:10.416260004 CET433463778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:10.421422005 CET37784334645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.023395061 CET37784334645.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.023771048 CET433463778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.023771048 CET433463778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.024981976 CET433483778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.030005932 CET37784334845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.030189037 CET433483778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.031416893 CET433483778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.036559105 CET37784334845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.036742926 CET433483778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.042056084 CET37784334845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.659111977 CET37784334845.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.659192085 CET433483778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.659250975 CET433483778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.660190105 CET433503778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.665842056 CET37784335045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.665905952 CET433503778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.667985916 CET433503778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.674519062 CET37784335045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:11.674575090 CET433503778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:11.681269884 CET37784335045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:12.290365934 CET37784335045.11.229.95192.168.2.14
          Jan 19, 2025 05:14:12.290421009 CET433503778192.168.2.1445.11.229.95
          Jan 19, 2025 05:14:12.293885946 CET433503778192.168.2.1445.11.229.95
          TimestampSource PortDest PortSource IPDest IP
          Jan 19, 2025 05:16:49.328161955 CET5148553192.168.2.141.1.1.1
          Jan 19, 2025 05:16:49.328222990 CET3608053192.168.2.141.1.1.1
          Jan 19, 2025 05:16:49.335247040 CET53360801.1.1.1192.168.2.14
          Jan 19, 2025 05:16:49.335840940 CET53514851.1.1.1192.168.2.14

          DNS Queries

          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
          Jan 19, 2025 05:16:49.328161955 CET192.168.2.141.1.1.10x6370Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
          Jan 19, 2025 05:16:49.328222990 CET192.168.2.141.1.1.10xc9ddStandard query (0)daisy.ubuntu.com28IN (0x0001)false

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Jan 19, 2025 05:16:49.335840940 CET1.1.1.1192.168.2.140x6370No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
          Jan 19, 2025 05:16:49.335840940 CET1.1.1.1192.168.2.140x6370No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

          System Behavior

          General

          Start time (UTC):04:14:05
          Start date (UTC):19/01/2025
          Path:/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
          Arguments:/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

          File Activities

          Process Activities

          System Activities

          Network Activities


          General

          Start time (UTC):04:14:05
          Start date (UTC):19/01/2025
          Path:/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
          Arguments:-
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

          File Activities

          Process Activities


          General

          Start time (UTC):04:14:05
          Start date (UTC):19/01/2025
          Path:/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
          Arguments:-
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

          File Activities

          Process Activities


          General

          Start time (UTC):04:14:05
          Start date (UTC):19/01/2025
          Path:/tmp/45.11.229.95-boatnet.arm7-2025-01-19T02_22_31.elf
          Arguments:-
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

          Process Activities

          Network Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Process Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          File Activities

          Process Activities

          System Activities

          Network Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Process Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          File Activities

          Process Activities

          System Activities

          Network Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Process Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          File Activities

          Process Activities

          System Activities

          Network Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Process Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          File Activities

          Process Activities

          System Activities

          Network Activities


          General

          Start time (UTC):04:14:18
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:-
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          File Activities

          Process Activities


          General

          Start time (UTC):04:14:18
          Start date (UTC):19/01/2025
          Path:/usr/sbin/xfpm-power-backlight-helper
          Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
          File size:14656 bytes
          MD5 hash:3d221ad23f28ca3259f599b1664e2427

          File Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Process Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          File Activities

          Process Activities

          System Activities

          Network Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Process Activities


          General

          Start time (UTC):04:14:11
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          File Activities

          Process Activities

          System Activities

          Network Activities


          General

          Start time (UTC):04:14:18
          Start date (UTC):19/01/2025
          Path:/usr/bin/dbus-daemon
          Arguments:-
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          Process Activities


          General

          Start time (UTC):04:14:18
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          File size:112880 bytes
          MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

          File Activities

          Process Activities

          Network Activities


          General

          Start time (UTC):04:14:22
          Start date (UTC):19/01/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Process Activities


          General

          Start time (UTC):04:14:22
          Start date (UTC):19/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
          File size:112872 bytes
          MD5 hash:eee956f1b227c1d5031f9c61223255d1

          File Activities

          Process Activities

          System Activities

          Network Activities