Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
boatnet.arm.elf

Overview

General Information

Sample name:boatnet.arm.elf
Analysis ID:1665577
MD5:74f698dfcc5fbbba723c2fa6c3752cd2
SHA1:154398e0b1cba50fd64f3766839191111662890c
SHA256:94f5a56a36ce7b8ed3d816b3c064ca1e840e2b584f0b6cfa62e31392a13e3ce5
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:68
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1665577
Start date and time:2025-04-15 17:14:51 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 2s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.arm.elf
Detection:MAL
Classification:mal68.troj.evad.linELF@0/0@0/0

Runtime Messages

Command:/tmp/boatnet.arm.elf
PID:6261
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest""
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 6324, Parent: 4331)
  • rm (PID: 6324, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.ZrVMdoDE67 /tmp/tmp.Ew7NSqKcVL /tmp/tmp.S6r6vaHZIY
  • dash New Fork (PID: 6325, Parent: 4331)
  • rm (PID: 6325, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.ZrVMdoDE67 /tmp/tmp.Ew7NSqKcVL /tmp/tmp.S6r6vaHZIY
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
6271.1.00007f761c017000.00007f761c028000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    6271.1.00007f761c017000.00007f761c028000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xe6e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe6f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe708:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe71c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe730:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe744:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe758:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe76c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe780:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe794:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe7a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe7bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe7d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe7e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe7f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe80c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe820:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe834:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe848:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe85c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe870:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    6263.1.00007f761c017000.00007f761c028000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      6263.1.00007f761c017000.00007f761c028000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xe6e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe6f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe708:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe71c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe730:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe744:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe758:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe76c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe780:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe794:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe7a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe7bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe7d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe7e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe7f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe80c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe820:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe834:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe848:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe85c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe870:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      6265.1.00007f761c017000.00007f761c028000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        Click to see the 11 entries

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: boatnet.arm.elfReversingLabs: Detection: 33%
        Source: boatnet.arm.elfVirustotal: Detection: 26%Perma Link
        Source: global trafficTCP traffic: 192.168.2.23:43030 -> 176.65.137.13:7716
        Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
        Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
        Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: unknownTCP traffic detected without corresponding DNS query: 176.65.137.13
        Source: boatnet.arm.elfString found in binary or memory: http://upx.sf.net
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39254
        Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 39254 -> 443

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 6271.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 6263.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 6265.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 6261.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.arm.elf PID: 6261, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.arm.elf PID: 6263, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.arm.elf PID: 6265, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.arm.elf PID: 6271, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: LOAD without section mappingsProgram segment: 0x8000
        Source: 6271.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6263.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6265.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6261.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.arm.elf PID: 6261, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.arm.elf PID: 6263, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.arm.elf PID: 6265, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.arm.elf PID: 6271, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: classification engineClassification label: mal68.troj.evad.linELF@0/0@0/0

        Data Obfuscation

        barindex
        Sample is packed with UPX
        Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
        Source: /usr/bin/dash (PID: 6324)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.ZrVMdoDE67 /tmp/tmp.Ew7NSqKcVL /tmp/tmp.S6r6vaHZIYJump to behavior
        Source: /usr/bin/dash (PID: 6325)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.ZrVMdoDE67 /tmp/tmp.Ew7NSqKcVL /tmp/tmp.S6r6vaHZIYJump to behavior
        Source: boatnet.arm.elfSubmission file: segment LOAD with 7.9538 entropy (max. 8.0)
        Source: /tmp/boatnet.arm.elf (PID: 6261)Queries kernel information via 'uname': Jump to behavior
        Source: boatnet.arm.elf, 6261.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmp, boatnet.arm.elf, 6263.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmp, boatnet.arm.elf, 6271.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmp, boatnet.arm.elf, 6265.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
        Source: boatnet.arm.elf, 6261.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmp, boatnet.arm.elf, 6263.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmp, boatnet.arm.elf, 6271.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmp, boatnet.arm.elf, 6265.1.000055f3d0fa4000.000055f3d10d2000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
        Source: boatnet.arm.elf, 6261.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmp, boatnet.arm.elf, 6263.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmp, boatnet.arm.elf, 6271.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmp, boatnet.arm.elf, 6265.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
        Source: boatnet.arm.elf, 6261.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmp, boatnet.arm.elf, 6263.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmp, boatnet.arm.elf, 6271.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmp, boatnet.arm.elf, 6265.1.00007ffd3f097000.00007ffd3f0b8000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/boatnet.arm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.arm.elf

        Stealing of Sensitive Information

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: 6271.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6263.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6265.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6261.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6261, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6263, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6265, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6271, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: 6271.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6263.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6265.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6261.1.00007f761c017000.00007f761c028000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6261, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6263, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6265, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.arm.elf PID: 6271, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception11
        Obfuscated Files or Information        		OS Credential Dumping11
        Security Software Discovery        		Remote ServicesData from Local System1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
        File Deletion        		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
        Non-Standard Port        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1665577 Sample: boatnet.arm.elf Startdate: 15/04/2025 Architecture: LINUX Score: 68 24 176.65.137.13, 43030, 43034, 7716 PALTEL-ASPALTELAutonomousSystemPS Germany 2->24 26 109.202.202.202, 80 INIT7CH Switzerland 2->26 28 3 other IPs or domains 2->28 30 Malicious sample detected (through community Yara rule) 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 Yara detected Mirai 2->34 36 Sample is packed with UPX 2->36 8 boatnet.arm.elf 2->8         started        10 dash rm 2->10         started        12 dash rm 2->12         started        signatures3 process4 process5 14 boatnet.arm.elf 8->14         started        16 boatnet.arm.elf 8->16         started        18 boatnet.arm.elf 8->18         started        process6 20 boatnet.arm.elf 14->20         started        22 boatnet.arm.elf 14->22         started       

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        boatnet.arm.elf33%ReversingLabsLinux.Backdoor.Mirai
        boatnet.arm.elf27%VirustotalBrowse

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        No contacted domains info

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://upx.sf.netboatnet.arm.elffalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          34.249.145.219
          		unknownUnited States
          		16509AMAZON-02USfalse
          109.202.202.202
          		unknownSwitzerland
          		13030INIT7CHfalse
          176.65.137.13
          		unknownGermany
          		12975PALTEL-ASPALTELAutonomousSystemPSfalse
          91.189.91.43
          		unknownUnited Kingdom
          		41231CANONICAL-ASGBfalse
          91.189.91.42
          		unknownUnited Kingdom
          		41231CANONICAL-ASGBfalse

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          34.249.145.219na.elfGet hashmaliciousPrometeiBrowse
            sshd.elfGet hashmaliciousUnknownBrowse
              na.elfGet hashmaliciousPrometeiBrowse
                boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                  .i.elfGet hashmaliciousUnknownBrowse
                    sshd.elfGet hashmaliciousUnknownBrowse
                      boatnet.arm.elfGet hashmaliciousMiraiBrowse
                        na.elfGet hashmaliciousPrometeiBrowse
                          na.elfGet hashmaliciousPrometeiBrowse
                            xd.arc.elfGet hashmaliciousMiraiBrowse
                              109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                              • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                              176.65.137.13boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                  boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                    boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                      boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                                        boatnet.arm.elfGet hashmaliciousUnknownBrowse
                                          boatnet.mips.elfGet hashmaliciousUnknownBrowse
                                            boatnet.x86.elfGet hashmaliciousUnknownBrowse
                                              boatnet.arm7.elfGet hashmaliciousUnknownBrowse
                                                boatnet.mpsl.elfGet hashmaliciousUnknownBrowse
                                                  91.189.91.43na.elfGet hashmaliciousPrometeiBrowse
                                                    sshd.elfGet hashmaliciousUnknownBrowse
                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                        boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                          mqi686.elfGet hashmaliciousMiraiBrowse
                                                            .i.elfGet hashmaliciousUnknownBrowse
                                                              sshd.elfGet hashmaliciousUnknownBrowse
                                                                boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                                    xd.arc.elfGet hashmaliciousMiraiBrowse

                                                                      Domains

                                                                      No context

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      CANONICAL-ASGBna.elfGet hashmaliciousPrometeiBrowse
                                                                      • 91.189.91.42
                                                                      sshd.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 185.125.190.26
                                                                      boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      mqi686.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      Mozi.m.elfGet hashmaliciousUnknownBrowse
                                                                      • 185.125.190.26
                                                                      .i.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      sshd.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      CANONICAL-ASGBna.elfGet hashmaliciousPrometeiBrowse
                                                                      • 91.189.91.42
                                                                      sshd.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 91.189.91.42
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 185.125.190.26
                                                                      boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      mqi686.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      Mozi.m.elfGet hashmaliciousUnknownBrowse
                                                                      • 185.125.190.26
                                                                      .i.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      sshd.elfGet hashmaliciousUnknownBrowse
                                                                      • 91.189.91.42
                                                                      boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 91.189.91.42
                                                                      INIT7CHna.elfGet hashmaliciousPrometeiBrowse
                                                                      • 109.202.202.202
                                                                      sshd.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 109.202.202.202
                                                                      boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                      • 109.202.202.202
                                                                      mqi686.elfGet hashmaliciousMiraiBrowse
                                                                      • 109.202.202.202
                                                                      .i.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      sshd.elfGet hashmaliciousUnknownBrowse
                                                                      • 109.202.202.202
                                                                      boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 109.202.202.202
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 109.202.202.202
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 109.202.202.202
                                                                      AMAZON-02USna.elfGet hashmaliciousPrometeiBrowse
                                                                      • 52.11.240.239
                                                                      na.elfGet hashmaliciousPrometeiBrowse
                                                                      • 34.249.145.219
                                                                      random.exeGet hashmaliciousCredential FlusherBrowse
                                                                      • 52.36.50.141
                                                                      https://compliancetracking.cfainstitute.org/amc-form?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImU5OGFkMTQzLWM0YzEtNDIwYi05OWQ4LTRlODM2ZmFiNjQ4NyIsIm5iZiI6MTc0NDY2NTI5OSwiZXhwIjoxNzQ1MjcwMDk5LCJpYXQiOjE3NDQ2NjUyOTksImlzcyI6Imh0dHBzOi8vc3RhbmRhcmRzY29tcGxpYW5jZXRyYWNraW5nYXBpLmNmYWluc3RpdHV0ZS5vcmcvIn0.l4SBJnn8huVpuJVgzl7oq2riSJ7NbE6i7-Sgdch3E3sGet hashmaliciousUnknownBrowse
                                                                      • 108.156.152.8
                                                                      https://bjcgghbjchdgbfbghdgghbjchdgbfbggbfbg.sharefile.eu/share/view/sce3352de88ff40309b639a23a0046fb1Get hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                      • 3.161.163.87
                                                                      Payment Confirmation.exeGet hashmaliciousFormBookBrowse
                                                                      • 13.248.169.48
                                                                      http://universityorthony.comGet hashmaliciousUnknownBrowse
                                                                      • 3.161.136.101
                                                                      https://btrsm-configurations.s3.us-west-1.amazonaws.com/Owens_Illinois/Credentials_Synchronization.exeGet hashmaliciousUnknownBrowse
                                                                      • 52.219.121.82
                                                                      https://trk.mmail.lst.fin.gov.on.ca/trk/click?ref=zr9uf3m5h_4-c79f_0x31f9d3x01938Get hashmaliciousUnknownBrowse
                                                                      • 35.182.53.34
                                                                      Vessel's inquiry - 22054.exeGet hashmaliciousFormBookBrowse
                                                                      • 13.248.169.48
                                                                      PALTEL-ASPALTELAutonomousSystemPSboatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                      • 176.65.137.13
                                                                      boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                      • 176.65.137.13
                                                                      boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                                      • 176.65.137.13
                                                                      boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                      • 176.65.137.13
                                                                      boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                                                                      • 176.65.137.13
                                                                      boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                      • 176.65.144.253
                                                                      boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                      • 176.65.144.253
                                                                      splarm5.elfGet hashmaliciousUnknownBrowse
                                                                      • 77.91.171.221
                                                                      resgod.spc.elfGet hashmaliciousMiraiBrowse
                                                                      • 213.6.197.26
                                                                      boatnet.arm.elfGet hashmaliciousUnknownBrowse
                                                                      • 176.65.137.13

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      No created / dropped files found

                                                                      Static File Info

                                                                      General

                                                                      File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, no section header
                                                                      Entropy (8bit):7.95086494172868
                                                                      TrID:
                                                                      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                      File name:boatnet.arm.elf
                                                                      File size:30'668 bytes
                                                                      MD5:74f698dfcc5fbbba723c2fa6c3752cd2
                                                                      SHA1:154398e0b1cba50fd64f3766839191111662890c
                                                                      SHA256:94f5a56a36ce7b8ed3d816b3c064ca1e840e2b584f0b6cfa62e31392a13e3ce5
                                                                      SHA512:dc89e1c57d15e0fbe9f9035386f4da50fff50e8ba0a0cd96ebd621af052fdd16da77a7b63130de629b7a97364aaac9e2a19aaa73cee140f4273fa2e54856e534
                                                                      SSDEEP:768:ZWfN296HrfLxaLOaX9uHzKtB+ZU8hY2iNi+WRh5vs3Uozj:ZWfNuc3sjuHet802iNBWR6zj
                                                                      TLSH:EAD2D09504D95B31D9F05C3A5472C64B22B7ABF8C4FD30727A24868687BBB2E4F72B44
                                                                      File Content Preview:.ELF...a..........(.....0...4...........4. ...(......................v...v...............h...h...h..................Q.td............................s.y.UPX!........L...L.......S..........?.E.h;.}...^..........f0..J.%.",.....n7..Io........."...~8*. .....b.

                                                                      Static ELF Info

                                                                      ELF header

                                                                      Class:ELF32
                                                                      Data:2's complement, little endian
                                                                      Version:1 (current)
                                                                      Machine:ARM
                                                                      Version Number:0x1
                                                                      Type:EXEC (Executable file)
                                                                      OS/ABI:ARM - ABI
                                                                      ABI Version:0
                                                                      Entry Point Address:0xe530
                                                                      Flags:0x202
                                                                      ELF Header Size:52
                                                                      Program Header Offset:52
                                                                      Program Header Size:32
                                                                      Number of Program Headers:3
                                                                      Section Header Offset:0
                                                                      Section Header Size:40
                                                                      Number of Section Headers:0
                                                                      Header String Table Index:0

                                                                      Program Segments

                                                                      TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                      LOAD0x00x80000x80000x76df0x76df7.95380x5R E0x8000
                                                                      LOAD0x68a80x268a80x268a80x00x00.00000x6RW 0x8000
                                                                      GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                                                      Network Behavior

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Apr 15, 2025 17:15:53.336302042 CEST4251680192.168.2.23109.202.202.202
                                                                      Apr 15, 2025 17:15:54.360157013 CEST43928443192.168.2.2391.189.91.42
                                                                      Apr 15, 2025 17:15:54.373256922 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:54.580693960 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:15:54.580802917 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:54.582169056 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:54.789975882 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:15:54.790257931 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:54.998231888 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:15:57.928872108 CEST39254443192.168.2.2334.249.145.219
                                                                      Apr 15, 2025 17:15:57.928947926 CEST4433925434.249.145.219192.168.2.23
                                                                      Apr 15, 2025 17:15:57.929188013 CEST39254443192.168.2.2334.249.145.219
                                                                      Apr 15, 2025 17:15:57.929792881 CEST39254443192.168.2.2334.249.145.219
                                                                      Apr 15, 2025 17:15:57.929817915 CEST4433925434.249.145.219192.168.2.23
                                                                      Apr 15, 2025 17:15:59.351993084 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:59.562294006 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:15:59.562364101 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:59.563842058 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:59.773540020 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:15:59.773665905 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:15:59.983544111 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:15:59.991308928 CEST42836443192.168.2.2391.189.91.43
                                                                      Apr 15, 2025 17:16:04.591204882 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:04.798549891 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:04.798610926 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:04.798851967 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:09.572870016 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:09.782773018 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:09.782957077 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:09.783112049 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:15.093254089 CEST43928443192.168.2.2391.189.91.42
                                                                      Apr 15, 2025 17:16:20.026020050 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:20.026212931 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:23.284467936 CEST4251680192.168.2.23109.202.202.202
                                                                      Apr 15, 2025 17:16:25.020714045 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:25.020891905 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:27.379627943 CEST42836443192.168.2.2391.189.91.43
                                                                      Apr 15, 2025 17:16:35.232815981 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:35.233084917 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:40.230622053 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:40.230777025 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:50.439755917 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:50.439960957 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:55.440741062 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:16:55.440890074 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:16:56.047571898 CEST43928443192.168.2.2391.189.91.42
                                                                      Apr 15, 2025 17:16:57.921232939 CEST39254443192.168.2.2334.249.145.219
                                                                      Apr 15, 2025 17:16:57.968270063 CEST4433925434.249.145.219192.168.2.23
                                                                      Apr 15, 2025 17:17:04.844744921 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:05.052469015 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:05.052834034 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:09.815907001 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:10.029315948 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:10.029521942 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:20.281774044 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:20.281951904 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:25.276788950 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:25.276959896 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:35.488846064 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:35.489208937 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:40.486773014 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:40.486959934 CEST430347716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:50.695743084 CEST771643030176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:50.695872068 CEST430307716192.168.2.23176.65.137.13
                                                                      Apr 15, 2025 17:17:55.697077990 CEST771643034176.65.137.13192.168.2.23
                                                                      Apr 15, 2025 17:17:55.697371006 CEST430347716192.168.2.23176.65.137.13

                                                                      System Behavior

                                                                      General

                                                                      Start time (UTC):15:15:53
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/tmp/boatnet.arm.elf
                                                                      Arguments:/tmp/boatnet.arm.elf
                                                                      File size:4956856 bytes
                                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:15:53
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/tmp/boatnet.arm.elf
                                                                      Arguments:-
                                                                      File size:4956856 bytes
                                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:15:58
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/tmp/boatnet.arm.elf
                                                                      Arguments:-
                                                                      File size:4956856 bytes
                                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:15:58
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/tmp/boatnet.arm.elf
                                                                      Arguments:-
                                                                      File size:4956856 bytes
                                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:15:53
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/tmp/boatnet.arm.elf
                                                                      Arguments:-
                                                                      File size:4956856 bytes
                                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:15:53
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/tmp/boatnet.arm.elf
                                                                      Arguments:-
                                                                      File size:4956856 bytes
                                                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:16:57
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/usr/bin/dash
                                                                      Arguments:-
                                                                      File size:129816 bytes
                                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:16:57
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/usr/bin/rm
                                                                      Arguments:rm -f /tmp/tmp.ZrVMdoDE67 /tmp/tmp.Ew7NSqKcVL /tmp/tmp.S6r6vaHZIY
                                                                      File size:72056 bytes
                                                                      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:16:57
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/usr/bin/dash
                                                                      Arguments:-
                                                                      File size:129816 bytes
                                                                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                      Chronological Activities


                                                                      General

                                                                      Start time (UTC):15:16:57
                                                                      Start date (UTC):15/04/2025
                                                                      Path:/usr/bin/rm
                                                                      Arguments:rm -f /tmp/tmp.ZrVMdoDE67 /tmp/tmp.Ew7NSqKcVL /tmp/tmp.S6r6vaHZIY
                                                                      File size:72056 bytes
                                                                      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                      Chronological Activities