Create Interactive Tour
Linux
Analysis Report
boatnet.x86
Overview
General Information
Detection
Mirai
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Sample contains only a LOAD segment without any section mappings
Creates hidden files and/or directories
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
ELF contains segments with high entropy indicating compressed/encrypted content
Classification
Analysis Advice
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work. |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 661711 |
Start date and time: 12/07/202210:09:26 | 2022-07-12 10:09:26 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | boatnet.x86 |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal64.spre.troj.evad.linX86@0/0@0/0 |
Command: | /tmp/boatnet.x86 |
PID: | 6227 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- boatnet.x86 New Fork (PID: 6228, Parent: 6227)
- boatnet.x86 New Fork (PID: 6229, Parent: 6227)
- boatnet.x86 New Fork (PID: 6230, Parent: 6227)
- xfce4-panel New Fork (PID: 6235, Parent: 2063)
- xfce4-panel New Fork (PID: 6236, Parent: 2063)
- xfce4-panel New Fork (PID: 6237, Parent: 2063)
- xfce4-panel New Fork (PID: 6238, Parent: 2063)
- xfce4-panel New Fork (PID: 6239, Parent: 2063)
- xfce4-panel New Fork (PID: 6240, Parent: 2063)
- dbus-daemon New Fork (PID: 6246, Parent: 6245)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
⊘No Snort rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | Program segment: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | String containing UPX found: | ||
Source: | String containing UPX found: |
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Service Stop |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
⊘No configs have been found
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.87.154.190 | unknown | Russian Federation | 12494 | ASN-POSTLTDRU | false | |
114.36.39.149 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false | |
222.156.17.86 | unknown | Taiwan; Republic of China (ROC) | 7482 | APOL-ASAsiaPacificOn-lineServiceIncTW | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
179.97.230.29 | unknown | Brazil | 28300 | MMAACESSORIOSESERVICOSDEINFORMATICALTDABR | false | |
195.158.91.179 | unknown | Malta | 15735 | DATASTREAM-NETMT | false | |
24.185.132.127 | unknown | United States | 6128 | CABLE-NET-1US | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
89.46.238.151 | unknown | Romania | 39531 | ALTER-NET-ASZorilorNr11SfGheorgheRO | false | |
66.76.105.152 | unknown | United States | 19108 | SUDDENLINK-COMMUNICATIONSUS | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
45.87.154.190 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
109.202.202.202 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASN-POSTLTDRU | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
HINETDataCommunicationBusinessGroupTW | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.84465756304866 |
TrID: |
|
File name: | boatnet.x86 |
File size: | 21500 |
MD5: | bfac0903f7f1adf02144c7afb3f4c06d |
SHA1: | d249d031a114d615444b5d5123f170e2b2dba3bf |
SHA256: | 1659a6b00918a0c84b1ff6282aefbd255d55b37e9ca6b1b2414db9e1f31e3296 |
SHA512: | 04d5d96e4790f6e5e37cb85455d041e82d60934dd5d967d45ddf7bbdc6dae0c46593090ec0d8df2e2184dae7d7b48c2465d2f155fc6f074f8b5b76a60cb1c07a |
SSDEEP: | 384:Mg/Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTE:598o08kxofBE+ZkXaITbp2F2TWul0c5Q |
TLSH: | D3A2E019BF1C818BC832297955E9F6D22252FC62F2DDDC0D2680C15FF0A33A92874F86 |
File Content Preview: | .ELF.....................Z..4...........4. ...(......................R...R...................G...G..................Q.td................................UPX!....................Y.......w....ELF.......d....g..4...34. (.....[..;;.F.@....'..6..f?..@..>....{?i |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x52fc | 0x52fc | 7.8485 | 0x5 | R E | 0x1000 | ||
LOAD | 0x7a0 | 0x80547a0 | 0x80547a0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 17
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 12, 2022 10:10:19.605946064 CEST | 34050 | 3778 | 192.168.2.23 | 45.87.154.190 |
Jul 12, 2022 10:10:19.635241032 CEST | 3778 | 34050 | 45.87.154.190 | 192.168.2.23 |
Jul 12, 2022 10:10:19.635391951 CEST | 34050 | 3778 | 192.168.2.23 | 45.87.154.190 |
Jul 12, 2022 10:10:19.635478973 CEST | 34050 | 3778 | 192.168.2.23 | 45.87.154.190 |
Jul 12, 2022 10:10:19.668358088 CEST | 3778 | 34050 | 45.87.154.190 | 192.168.2.23 |
Jul 12, 2022 10:10:19.668488026 CEST | 34050 | 3778 | 192.168.2.23 | 45.87.154.190 |
Jul 12, 2022 10:10:19.697649002 CEST | 3778 | 34050 | 45.87.154.190 | 192.168.2.23 |
Jul 12, 2022 10:10:25.426181078 CEST | 34050 | 3778 | 192.168.2.23 | 45.87.154.190 |
Jul 12, 2022 10:10:25.455684900 CEST | 3778 | 34050 | 45.87.154.190 | 192.168.2.23 |
Jul 12, 2022 10:10:25.455805063 CEST | 34050 | 3778 | 192.168.2.23 | 45.87.154.190 |
Jul 12, 2022 10:10:30.558656931 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Jul 12, 2022 10:10:42.846004009 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Jul 12, 2022 10:10:46.941683054 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Jul 12, 2022 10:11:08.394661903 CEST | 23 | 48162 | 195.158.91.179 | 192.168.2.23 |
Jul 12, 2022 10:11:08.394869089 CEST | 48162 | 23 | 192.168.2.23 | 195.158.91.179 |
Jul 12, 2022 10:11:11.516390085 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Jul 12, 2022 10:11:12.442897081 CEST | 23 | 47936 | 24.185.132.127 | 192.168.2.23 |
Jul 12, 2022 10:11:12.443141937 CEST | 47936 | 23 | 192.168.2.23 | 24.185.132.127 |
Jul 12, 2022 10:11:14.325581074 CEST | 23 | 58074 | 89.46.238.151 | 192.168.2.23 |
Jul 12, 2022 10:11:14.325809956 CEST | 58074 | 23 | 192.168.2.23 | 89.46.238.151 |
Jul 12, 2022 10:11:17.165988922 CEST | 23 | 43604 | 66.76.105.152 | 192.168.2.23 |
Jul 12, 2022 10:11:17.166172028 CEST | 43604 | 23 | 192.168.2.23 | 66.76.105.152 |
Jul 12, 2022 10:11:17.568767071 CEST | 23 | 52414 | 222.156.17.86 | 192.168.2.23 |
Jul 12, 2022 10:11:17.569003105 CEST | 52414 | 23 | 192.168.2.23 | 222.156.17.86 |
Jul 12, 2022 10:11:21.350780964 CEST | 23 | 38710 | 114.36.39.149 | 192.168.2.23 |
Jul 12, 2022 10:11:21.351062059 CEST | 38710 | 23 | 192.168.2.23 | 114.36.39.149 |
Jul 12, 2022 10:11:24.956840992 CEST | 23 | 58990 | 179.97.230.29 | 192.168.2.23 |
Jul 12, 2022 10:11:24.957039118 CEST | 58990 | 23 | 192.168.2.23 | 179.97.230.29 |
System Behavior
Start time: | 10:10:18 |
Start date: | 12/07/2022 |
Path: | /tmp/boatnet.x86 |
Arguments: | /tmp/boatnet.x86 |
File size: | 21500 bytes |
MD5 hash: | bfac0903f7f1adf02144c7afb3f4c06d |
Start time: | 10:10:18 |
Start date: | 12/07/2022 |
Path: | /tmp/boatnet.x86 |
Arguments: | n/a |
File size: | 21500 bytes |
MD5 hash: | bfac0903f7f1adf02144c7afb3f4c06d |
Start time: | 10:10:18 |
Start date: | 12/07/2022 |
Path: | /tmp/boatnet.x86 |
Arguments: | n/a |
File size: | 21500 bytes |
MD5 hash: | bfac0903f7f1adf02144c7afb3f4c06d |
Start time: | 10:10:18 |
Start date: | 12/07/2022 |
Path: | /tmp/boatnet.x86 |
Arguments: | n/a |
File size: | 21500 bytes |
MD5 hash: | bfac0903f7f1adf02144c7afb3f4c06d |
Start time: | 10:10:23 |
Start date: | 12/07/2022 |
Path: | /usr/bin/xfce4-panel |
Arguments: | n/a |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time: | 10:10:23 |
Start date: | 12/07/2022 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/bin/xfce4-panel |
Arguments: | n/a |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/bin/xfce4-panel |
Arguments: | n/a |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/bin/xfce4-panel |
Arguments: | n/a |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/bin/xfce4-panel |
Arguments: | n/a |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/bin/xfce4-panel |
Arguments: | n/a |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time: | 10:10:24 |
Start date: | 12/07/2022 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time: | 10:10:26 |
Start date: | 12/07/2022 |
Path: | /usr/bin/dbus-daemon |
Arguments: | n/a |
File size: | 249032 bytes |
MD5 hash: | 3089d47e3f3ab84cd81c48fd406d7a8c |
Start time: | 10:10:26 |
Start date: | 12/07/2022 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
File size: | 112880 bytes |
MD5 hash: | 4c7a0d6d258bb970905b19b84abcd8e9 |