Analysis
max time kernel: 149s
max time network: 151s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 20/11/2024, 00:06
Behavioral task: behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu2404-amd64-20240729-en
2 signatures
150 seconds
General
Target: boatnet.x86.elf
Size: 14KB
MD5: c59fbeee0774d04c95351dc2c2462499
SHA1: f3d986ca1811f5a64d6b1c685e50eb29e207e04a
SHA256: d552d3ff41490f9a491fdbb8ebe5a0088e5a7b29f68309acdfc21ec93394b2b6
SHA512: e8b526357eef6953c37e1a338c3f3591cad2d9135f2d8c3a3c77fcf3193ebcc33fcff57ed0dd059f72337f736901c1cb5a871dc6b1fe352045e16256b1372fa9
SSDEEP: 384:Mslj7EIKl/shzNZ6q5ulqSHTgfviqv9v1R1K:UhSe4J3M
Score: 7/10
Malware Config
Signatures
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
Unexpected DNS network traffic destination 32 IoCs
Network traffic to servers other than the configured DNS servers was detected on the DNS port.