Linux
Analysis Report
boatnet.x86.elf
Overview
General Information
Detection
Mirai
Score: | 72 |
Range: | 0 - 100 |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1617624 |
Start date and time: | 2025-02-18 05:37:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | boatnet.x86.elf |
Detection: | MAL |
Classification: | mal72.spre.troj.evad.linELF@0/0@0/0 |
Command: | /tmp/boatnet.x86.elf |
PID: | 6233 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- boatnet.x86.elf New Fork (PID: 6234, Parent: 6233)
- boatnet.x86.elf New Fork (PID: 6235, Parent: 6233)
- boatnet.x86.elf New Fork (PID: 6236, Parent: 6233)
- xfce4-panel New Fork (PID: 6240, Parent: 2063)
- xfce4-panel New Fork (PID: 6241, Parent: 2063)
- xfce4-panel New Fork (PID: 6242, Parent: 2063)
- xfce4-panel New Fork (PID: 6243, Parent: 2063)
- xfce4-panel New Fork (PID: 6244, Parent: 2063)
- xfce4-panel New Fork (PID: 6245, Parent: 2063)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
Linux_Trojan_Mirai_b14f4c5d | unknown | unknown |
Linux_Trojan_Mirai_88de437f | unknown | unknown |
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Stealing of Sensitive Information
- • Remote Access Functionality
AV Detection |
---|
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | Program segment: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Submission file: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
5.83.218.12 | unknown | United Kingdom | 51059 | BRIGHTBOX-ASGB | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
109.202.202.202 | Get hash | malicious | Unknown | Browse |
5.83.218.12 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
91.189.91.43 | Get hash | malicious | Gafgyt, Mirai | Browse | ||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
91.189.91.42 | Get hash | malicious | Gafgyt, Mirai | Browse | ||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Gafgyt, Mirai | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
BRIGHTBOX-ASGB | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
CANONICAL-ASGB | Get hash | malicious | Gafgyt, Mirai | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
INIT7CH | Get hash | malicious | Gafgyt, Mirai | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Prometei | Browse |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.844747431633357 |
TrID: |
File name: | boatnet.x86.elf |
File size: | 21'492 bytes |
MD5: | e77d89e82c4a1ae4107fca98b6843e32 |
SHA1: | e377753c40e14f03a510ec600dc18b5ec91dc5b1 |
SHA256: | d6d0b77b182118e5bef12d8cec462757670159046e1de013d3f38c8ee8001986 |
SHA512: | 0fc18c0ec56f601a810b7499a55b749213ccac6a81041ce21cc9293f24cb9bf81aca9aa3fdd42a05b5a46db966c4eec407fac6eba499cbd8f06aef32264bbaa0 |
SSDEEP: | 384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaz1Hb+502F2vwA9B1fKVVXT3SyY:x98o08kxofBE+ZkXaVbp2F2n8VVXZY |
TLSH: | B7A2E018BF1C458BC936393542E9E9C62291EC61F3ACDD595990C05FF5A73997030F85 |
File Content Preview: | .ELF.....................Z..4...........4. ...(......................R...R...................G...G..................Q.td................................UPX!....................Y.......w....ELF.......d....g..4...34. (.....[..;;.F.@....'..6..f?..@..>....{?i |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x52f4 | 0x52f4 | 7.8484 | 0x5 | R E | 0x1000 | ||
LOAD | 0x7a0 | 0x80547a0 | 0x80547a0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
- Total Packets: 73
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 18, 2025 05:37:58.335881948 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Feb 18, 2025 05:37:58.561665058 CET | 56170 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:58.566831112 CET | 3778 | 56170 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:58.566903114 CET | 56170 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:58.566931963 CET | 56170 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:58.572859049 CET | 3778 | 56170 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:58.572906017 CET | 56170 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:58.579138041 CET | 3778 | 56170 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.166426897 CET | 3778 | 56170 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.166675091 CET | 56170 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.166704893 CET | 56170 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.166719913 CET | 56172 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.171794891 CET | 3778 | 56172 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.171854973 CET | 56172 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.171881914 CET | 56172 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.176861048 CET | 3778 | 56172 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.176911116 CET | 56172 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.182179928 CET | 3778 | 56172 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.769509077 CET | 3778 | 56172 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.769783974 CET | 56172 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.769783974 CET | 56172 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.769783974 CET | 56174 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.774653912 CET | 3778 | 56174 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.774701118 CET | 56174 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.774722099 CET | 56174 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.779525995 CET | 3778 | 56174 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:37:59.779567957 CET | 56174 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:37:59.784317017 CET | 3778 | 56174 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.365744114 CET | 3778 | 56174 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.365890980 CET | 56174 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.365928888 CET | 56174 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.365962029 CET | 56176 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.370827913 CET | 3778 | 56176 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.370949984 CET | 56176 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.370949984 CET | 56176 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.375850916 CET | 3778 | 56176 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.375916004 CET | 56176 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.380709887 CET | 3778 | 56176 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.960455894 CET | 3778 | 56176 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.960639000 CET | 56176 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.960761070 CET | 56176 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.960834026 CET | 56178 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.965647936 CET | 3778 | 56178 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.965751886 CET | 56178 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.965802908 CET | 56178 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.970621109 CET | 3778 | 56178 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:00.970694065 CET | 56178 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:00.975573063 CET | 3778 | 56178 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:01.556534052 CET | 3778 | 56178 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:01.556745052 CET | 56178 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:01.556746006 CET | 56178 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:01.556799889 CET | 56180 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:01.561716080 CET | 3778 | 56180 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:01.561853886 CET | 56180 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:01.561918020 CET | 56180 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:01.566726923 CET | 3778 | 56180 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:01.566803932 CET | 56180 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:01.571590900 CET | 3778 | 56180 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.180547953 CET | 3778 | 56180 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.180666924 CET | 56180 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.180752039 CET | 56180 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.180790901 CET | 56182 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.185715914 CET | 3778 | 56182 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.185805082 CET | 56182 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.185853004 CET | 56182 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.191063881 CET | 3778 | 56182 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.191148996 CET | 56182 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.196027040 CET | 3778 | 56182 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.784316063 CET | 3778 | 56182 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.784447908 CET | 56182 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.784526110 CET | 56182 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.784528017 CET | 56184 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.789356947 CET | 3778 | 56184 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.789437056 CET | 56184 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.789437056 CET | 56184 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.794310093 CET | 3778 | 56184 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:02.794377089 CET | 56184 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:02.799163103 CET | 3778 | 56184 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:03.377867937 CET | 3778 | 56184 | 5.83.218.12 | 192.168.2.23 |
Feb 18, 2025 05:38:03.378042936 CET | 56184 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:03.378093004 CET | 56184 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:03.378118992 CET | 56186 | 3778 | 192.168.2.23 | 5.83.218.12 |
Feb 18, 2025 05:38:03.382849932 CET | 3778 | 56186 | 5.83.218.12 | 192.168.2.23 |
System Behavior
Start time (UTC): | 04:37:57 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.x86.elf |
Arguments: | /tmp/boatnet.x86.elf |
File size: | 21492 bytes |
MD5 hash: | e77d89e82c4a1ae4107fca98b6843e32 |
Start time (UTC): | 04:37:57 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.x86.elf |
Arguments: | - |
File size: | 21492 bytes |
MD5 hash: | e77d89e82c4a1ae4107fca98b6843e32 |
Start time (UTC): | 04:37:57 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.x86.elf |
Arguments: | - |
File size: | 21492 bytes |
MD5 hash: | e77d89e82c4a1ae4107fca98b6843e32 |
Start time (UTC): | 04:37:57 |
Start date (UTC): | 18/02/2025 |
Path: | /tmp/boatnet.x86.elf |
Arguments: | - |
File size: | 21492 bytes |
MD5 hash: | e77d89e82c4a1ae4107fca98b6843e32 |
Start time (UTC): | 04:38:02 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 04:38:02 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 04:38:03 |
Start date (UTC): | 18/02/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |