IOC Report
boatnet.ppc.elf

Processes

Path
Cmdline
Malicious
/tmp/boatnet.ppc.elf
/tmp/boatnet.ppc.elf
/usr/bin/dash
-
/usr/bin/rm
rm -f /tmp/tmp.MDKLBM1A1Z /tmp/tmp.ux15gK8JI4 /tmp/tmp.VBIoNLqjV7
/usr/bin/dash
-
/usr/bin/rm
rm -f /tmp/tmp.MDKLBM1A1Z /tmp/tmp.ux15gK8JI4 /tmp/tmp.VBIoNLqjV7

URLs

Name
IP
Malicious
http://5.181.159.16/wget.sh;
unknown
http://upx.sf.net
unknown
http://5.181.159.16/idk/home.arm7;chmod
unknown
http://5.181.159.16/w.sh;
unknown
http://5.181.159.16/c.sh;
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://5.181.159.16/idk/home.mips
unknown
http://5.181.159.16/idk/home.mips;
unknown
http://5.181.159.16/idk/home.x86
unknown
http://schemas.xmlsoap.org/soap/envelope/
unknown

IPs

IP
Domain
Country
Malicious
34.249.145.219
unknown
United States
109.202.202.202
unknown
Switzerland
91.189.91.42
unknown
United Kingdom

Memdumps
