Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/boatnet.arm5.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/boatnet.arm5.elf
Source:	boatnet.arm5.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fa9bc023000

page execute read

7faac38b3000

page read and write

7faac3cad000

page read and write

55a2dfaba000

page read and write

7faac34bf000

page read and write

7faabbfff000

page read and write

7faac3551000

page read and write

7faac3b41000

page read and write

7faabc021000

page read and write

7fa9bc03c000

page execute read

7faac4070000

page read and write

7fa9bc02b000

page read and write

7fffa8bcd000

page read and write

55a2dcee9000

page execute read

7faac4199000

page read and write

7faac3e8f000

page read and write

7faac3b1e000

page read and write

55a2dd13a000

page read and write

7fffa8bf0000

page execute read

7faac2cb7000

page read and write

55a2dd143000

page read and write

7fa9bc03a000

page execute and read and write

7faac41bd000

page read and write

55a2df158000

page read and write

7faac4202000

page read and write

55a2df141000

page execute and read and write

There are 16 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
boatnet.arm5.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportboatnet.arm5.elf

Processes

URLs

IPs

Memdumps

IOC Report
boatnet.arm5.elf