File name:

boatnet.arm7

Full analysis: https://app.any.run/tasks/06889758-78e7-416c-91ff-2c16308b0a09
Verdict: Malicious activity
Threats:

A botnet is a group of internet-connected devices that are controlled by a single individual or group, often without the knowledge or consent of the device owners. These devices can be used to launch a variety of malicious attacks, such as distributed denial-of-service (DDoS) attacks, spam campaigns, and data theft. Botnet malware is the software that is used to infect devices and turn them into part of a botnet.

Malware Trends Tracker     >>>
Analysis date: January 10, 2026, 07:46:09
OS: Debian 12.2
Tags:
mirai
botnet
Indicators:
MIME: application/x-executable
File info: ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
MD5:

BC0C817342FE0B1ADC68D2D76D2E33F2

SHA1:

4D713B3D4E37E3B0A63584BECE96CB6B4018E96B

SHA256:

2454B591827E78BF8FF728EF6BDA5CAF8B240C6ED856C718407A957E4B8B240C

SSDEEP:

3072:y3H1foKTFG87oa2hbLzns+xcJ28JT1fT1uoTZR6sLT9A1O:yX1f6uOhn9xcJDfT8onTj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • MIRAI has been detected (SURICATA)

      • boatnet.arm7.elf (PID: 1400)

  • SUSPICIOUS

    • Modifies file or directory owner

      • sudo (PID: 1386)

    • Contacting a server suspected of hosting an CnC

      • boatnet.arm7.elf (PID: 1400)

    • Connects to unusual port

      • boatnet.arm7.elf (PID: 1400)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.o | ELF Executable and Linkable format (generic) (100)

EXIF

EXE

CPUArchitecture: 32 bit
CPUByteOrder: Little endian
ObjectFileType: Executable file
CPUType: Arm (up to Armv7/AArch32)
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
109
Monitored processes
10
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
dash no specs sudo no specs chown no specs chmod no specs sudo no specs boatnet.arm7.elf no specs id no specs boatnet.arm7.elf no specs boatnet.arm7.elf no specs #MIRAI boatnet.arm7.elf

Process information

PID
CMD
Path
Indicators
Parent process
1385/bin/sh -c "sudo chown user /tmp/boatnet\.arm7\.elf && chmod +x /tmp/boatnet\.arm7\.elf && DISPLAY=:0 sudo -iu user /tmp/boatnet\.arm7\.elf "/usr/bin/dasheOLRkkNCsAxcqyAk
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/aarch64-linux-gnu/libc.so.6
1386sudo chown user /tmp/boatnet.arm7.elf/usr/bin/sudodash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/aarch64-linux-gnu/libaudit.so.1.0.0
/usr/lib/aarch64-linux-gnu/libselinux.so.1
/usr/libexec/sudo/libsudo_util.so.0.0.0
/usr/lib/aarch64-linux-gnu/libc.so.6
/usr/lib/aarch64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/aarch64-linux-gnu/libpcre2-8.so.0.11.2
/usr/lib/aarch64-linux-gnu/libnss_systemd.so.2
/usr/lib/aarch64-linux-gnu/libcap.so.2.66
/usr/lib/aarch64-linux-gnu/libm.so.6
/usr/libexec/sudo/sudoers.so
1387chown user /tmp/boatnet.arm7.elf/usr/bin/chownsudo
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/aarch64-linux-gnu/libc.so.6
1388chmod +x /tmp/boatnet.arm7.elf/usr/bin/chmoddash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/aarch64-linux-gnu/libc.so.6
1389sudo -iu user /tmp/boatnet.arm7.elf/usr/bin/sudodash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/aarch64-linux-gnu/libaudit.so.1.0.0
/usr/lib/aarch64-linux-gnu/libselinux.so.1
/usr/libexec/sudo/libsudo_util.so.0.0.0
/usr/lib/aarch64-linux-gnu/libc.so.6
/usr/lib/aarch64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/aarch64-linux-gnu/libpcre2-8.so.0.11.2
/usr/lib/aarch64-linux-gnu/libnss_systemd.so.2
/usr/lib/aarch64-linux-gnu/libcap.so.2.66
/usr/lib/aarch64-linux-gnu/libm.so.6
/usr/libexec/sudo/sudoers.so
1392/tmp/boatnet.arm7.elf/tmp/boatnet.arm7.elfsudo
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/aarch64-linux-gnu/libtinfo.so.6.4
/usr/lib/aarch64-linux-gnu/libc.so.6
1393id -u/usr/bin/idboatnet.arm7.elf
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/aarch64-linux-gnu/libselinux.so.1
/usr/lib/aarch64-linux-gnu/libc.so.6
/usr/lib/aarch64-linux-gnu/libpcre2-8.so.0.11.2
1398/tmp/boatnet.arm7.elf/tmp/boatnet.arm7.elfboatnet.arm7.elf
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
1399/tmp/boatnet.arm7.elf/tmp/boatnet.arm7.elfboatnet.arm7.elf
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
1400/tmp/boatnet.arm7.elf/tmp/boatnet.arm7.elf
boatnet.arm7.elf
User:
user
Integrity Level:
UNKNOWN
Exit code:
9
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
5
DNS requests
4
Threats
4

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
459
avahi-daemon
224.0.0.251:5353
whitelisted
212.132.97.26:123
2.debian.pool.ntp.org
IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE.
DE
whitelisted
1400
boatnet.arm7.elf
144.172.110.33:3778
ROUTERHOSTING
US
malicious
438
systemd-timesyncd
212.132.97.26:123
2.debian.pool.ntp.org
IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE.
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
  • 2a00:1450:4001:80e::200e
whitelisted
2.debian.pool.ntp.org
  • 212.132.97.26
  • 46.38.244.94
  • 144.76.66.157
  • 217.154.182.60
  • 2a02:8106:21:9400::6
  • 2a13:7840:c0de::2
  • 2a01:4f8:200:1473:bee::123
  • 2a0e:b107:27fe::123
whitelisted

Threats

PID
Process
Class
Message
1400
boatnet.arm7.elf
Malware Command and Control Activity Detected
BOTNET [ANY.RUN] Linux/Mirai.B Client Hello
1400
boatnet.arm7.elf
Malware Command and Control Activity Detected
BOTNET [ANY.RUN] Linux/Mirai.B Client Hello
1400
boatnet.arm7.elf
Malware Command and Control Activity Detected
BOTNET [ANY.RUN] Possible Mirai.Gen (Linux)
1400
boatnet.arm7.elf
Malware Command and Control Activity Detected
BOTNET [ANY.RUN] Possible Mirai.Gen (Linux)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
boatnet.arm7