Linux
Analysis Report
boatnet.ppc.elf
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Signatures
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1617544 |
Start date and time: | 2025-02-18 01:22:19 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | boatnet.ppc.elf |
Detection: | MAL |
Classification: | mal80.spre.troj.evad.linELF@0/0@2/0 |
Command: | /tmp/boatnet.ppc.elf |
PID: | 5435 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- boatnet.ppc.elf New Fork (PID: 5438, Parent: 5435)
- boatnet.ppc.elf New Fork (PID: 5439, Parent: 5435)
- boatnet.ppc.elf New Fork (PID: 5442, Parent: 5435)
- xfce4-panel New Fork (PID: 5448, Parent: 3147)
- xfce4-panel New Fork (PID: 5449, Parent: 3147)
- xfce4-panel New Fork (PID: 5450, Parent: 3147)
- xfce4-panel New Fork (PID: 5451, Parent: 3147)
- wrapper-2.0 New Fork (PID: 5472, Parent: 5451)
- xfce4-panel New Fork (PID: 5452, Parent: 3147)
- xfce4-panel New Fork (PID: 5453, Parent: 3147)
- dbus-daemon New Fork (PID: 5471, Parent: 5470)
- systemd New Fork (PID: 5481, Parent: 2935)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Click to see the 10 entries |
- • AV Detection
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | Program segment: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | String containing UPX found: | ||
Source: | String containing UPX found: |
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
52% | Virustotal | Browse | ||
54% | ReversingLabs | Linux.Trojan.Mirai | ||
100% | Avira | EXP/ELF.Agent.F.118 |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
196.251.87.222 | unknown | Seychelles | 37417 | SONIC-WirelessZA | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
185.125.190.26 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai, Moobot | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
196.251.87.222 | Get hash | malicious | Mirai | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SONIC-WirelessZA | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
CANONICAL-ASGB | Get hash | malicious | Prometei | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
|
File type: | |
Entropy (8bit): | 7.904652202323118 |
TrID: |
|
File name: | boatnet.ppc.elf |
File size: | 21'884 bytes |
MD5: | 77849bc051d328ff1196fcc392bf5281 |
SHA1: | 6e9e6e591cc5c90e203a0cd62718db6d06d0abe0 |
SHA256: | 8e22d1223680ae8b0de54121512f11a2023b85336894624380a9282b766a49b6 |
SHA512: | a570b835adee10b324ff2f436cbcb2d8e59b19f4cac00800ea4a90add4358c98b26dff5c20920a7870d7bcda4ac7a9ae2f38cc266749e68ea702e64103d5ddd1 |
SSDEEP: | 384:m/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5XXBFCiM4uVcqgw05VxJV:mRxsSVsMD6xiJJE5zRWNtXHK4uVcqgwW |
TLSH: | 45A2D029D345AEF4DFAF9C909782C2C276B587C62786C8E240EEAF012517046B789D59 |
File Content Preview: | .ELF......................B....4.........4. ...(......................Tx..Tx...............D...D...D................dt.Q................................UPX!...........\...\.......R.......?.E.h4...@b............./.}....D*aN.........t.w..X.^6>....d........+ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x5478 | 0x5478 | 7.9091 | 0x5 | R E | 0x10000 | ||
LOAD | 0xd544 | 0x1001d544 | 0x1001d544 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 52
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 18, 2025 01:23:05.520503998 CET | 44880 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:05.526581049 CET | 3778 | 44880 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:05.526662111 CET | 44880 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:05.543497086 CET | 44880 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:05.548320055 CET | 3778 | 44880 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:05.548367977 CET | 44880 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:05.554833889 CET | 3778 | 44880 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.235245943 CET | 3778 | 44880 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.235769987 CET | 44880 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.235769987 CET | 44880 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.236493111 CET | 44882 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.242053986 CET | 3778 | 44882 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.242158890 CET | 44882 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.243356943 CET | 44882 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.248886108 CET | 3778 | 44882 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.248944044 CET | 44882 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.254350901 CET | 3778 | 44882 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.944839954 CET | 3778 | 44882 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.945099115 CET | 44882 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.945099115 CET | 44882 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.945940018 CET | 44884 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.951858997 CET | 3778 | 44884 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.951968908 CET | 44884 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.952754974 CET | 44884 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.959076881 CET | 3778 | 44884 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:06.959142923 CET | 44884 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:06.965729952 CET | 3778 | 44884 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:07.668359995 CET | 3778 | 44884 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:07.668665886 CET | 44884 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:07.668665886 CET | 44884 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:07.669331074 CET | 44886 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:07.674201965 CET | 3778 | 44886 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:07.674391985 CET | 44886 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:07.675257921 CET | 44886 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:07.680038929 CET | 3778 | 44886 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:07.680139065 CET | 44886 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:07.684950113 CET | 3778 | 44886 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:08.362572908 CET | 3778 | 44886 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:08.362696886 CET | 44886 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:08.362735033 CET | 44886 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:08.363501072 CET | 44888 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:08.368410110 CET | 3778 | 44888 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:08.368484020 CET | 44888 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:08.369287014 CET | 44888 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:08.374090910 CET | 3778 | 44888 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:08.374146938 CET | 44888 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:08.378930092 CET | 3778 | 44888 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.054315090 CET | 3778 | 44888 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.054476023 CET | 44888 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.054537058 CET | 44888 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.055278063 CET | 44890 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.060075045 CET | 3778 | 44890 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.060149908 CET | 44890 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.060962915 CET | 44890 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.065757990 CET | 3778 | 44890 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.065834999 CET | 44890 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.070600033 CET | 3778 | 44890 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.759646893 CET | 3778 | 44890 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.759815931 CET | 44890 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.759872913 CET | 44890 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.760624886 CET | 44892 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.765445948 CET | 3778 | 44892 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.765505075 CET | 44892 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.767178059 CET | 44892 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.771962881 CET | 3778 | 44892 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:09.772078991 CET | 44892 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:09.776868105 CET | 3778 | 44892 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:10.458206892 CET | 3778 | 44892 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:10.458441973 CET | 44892 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:10.458441973 CET | 44892 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:10.459275961 CET | 44894 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:10.464118004 CET | 3778 | 44894 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:10.464222908 CET | 44894 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:10.465230942 CET | 44894 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:10.470010996 CET | 3778 | 44894 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:10.470050097 CET | 44894 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:10.474873066 CET | 3778 | 44894 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:11.019849062 CET | 44894 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:11.025007963 CET | 3778 | 44894 | 196.251.87.222 | 192.168.2.13 |
Feb 18, 2025 01:23:11.025067091 CET | 44894 | 3778 | 192.168.2.13 | 196.251.87.222 |
Feb 18, 2025 01:23:15.571436882 CET | 48202 | 443 | 192.168.2.13 | 185.125.190.26 |
Feb 18, 2025 01:23:46.547698975 CET | 48202 | 443 | 192.168.2.13 | 185.125.190.26 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 18, 2025 01:25:50.449100971 CET | 56970 | 53 | 192.168.2.13 | 8.8.8.8 |
Feb 18, 2025 01:25:50.449193001 CET | 59353 | 53 | 192.168.2.13 | 8.8.8.8 |
Feb 18, 2025 01:25:50.455518961 CET | 53 | 59353 | 8.8.8.8 | 192.168.2.13 |
Feb 18, 2025 01:25:50.456091881 CET | 53 | 56970 | 8.8.8.8 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 18, 2025 01:25:50.449100971 CET | 192.168.2.13 | 8.8.8.8 | 0x2846 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 18, 2025 01:25:50.449193001 CET | 192.168.2.13 | 8.8.8.8 | 0xacf9 | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 18, 2025 01:25:50.456091881 CET | 8.8.8.8 | 192.168.2.13 | 0x2846 | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false | ||
Feb 18, 2025 01:25:50.456091881 CET | 8.8.8.8 | 192.168.2.13 | 0x2846 | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 00:23:04 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.ppc.elf |
Arguments: | /tmp/boatnet.ppc.elf |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 00:23:04 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 00:23:04 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 00:23:04 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 00:23:18 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | - |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 00:23:18 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/sbin/xfpm-power-backlight-helper |
Arguments: | /usr/sbin/xfpm-power-backlight-helper --get-max-brightness |
File size: | 14656 bytes |
MD5 hash: | 3d221ad23f28ca3259f599b1664e2427 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 00:23:10 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 00:23:17 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/dbus-daemon |
Arguments: | - |
File size: | 249032 bytes |
MD5 hash: | 3089d47e3f3ab84cd81c48fd406d7a8c |
Start time (UTC): | 00:23:17 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
File size: | 112880 bytes |
MD5 hash: | 4c7a0d6d258bb970905b19b84abcd8e9 |
Start time (UTC): | 00:23:22 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 00:23:22 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
File size: | 112872 bytes |
MD5 hash: | eee956f1b227c1d5031f9c61223255d1 |