Report Overview
Visited (public)
2025-09-25 17:23:08
URL
45.156.87.152/hiddenbin/boatnet.spc
Finishing URL
about:privatebrowsing
IP / ASN

45.156.87.152
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
4
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
| 45.156.87.152 (9 alert(s) on this host) | unknown | unknown | No data | No data | 922 B | 59 kB | 45.156.87.152 | Apache HTTP Server 2.4.6 (Web servers); CentOS (Operating systems) |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| | medium | 172.18.0.15 | 45.156.87.152 | ET HUNTING Suspicious GET Request for .spc File |
| | high | 45.156.87.152 | 172.18.0.15 | ET POLICY Executable and linking format (ELF) file download Over HTTP |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| YARAhub by abuse.ch | 45.156.87.152/hiddenbin/boatnet.spc | malware | Detects Gafgyt |
| YARAhub by abuse.ch | 45.156.87.152/hiddenbin/boatnet.spc | malware | Yakuza botnet |
| Elastic Security YARA rules | 45.156.87.152/hiddenbin/boatnet.spc | malware | Linux.Trojan.Gafgyt |
| ClamAV | 45.156.87.152/hiddenbin/boatnet.spc | malicious | Unix.Dropper.Mirai-7136013-0 |
File detected
URL
45.156.87.152/hiddenbin/boatnet.spc
IP / ASN

45.156.87.152
File Overview
File Type: ELF 32-bit MSB executable, SPARC, version 1 (SYSV)
Size: 58 kB (58376 bytes)
MD5: f3ac2136eff591eb9ba8404f7c381967
SHA1: 23e0c3ab156eff6c9acc9161d4d7535ad1b772ea
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| YARAhub by abuse.ch | malware | Detects Gafgyt |
| YARAhub by abuse.ch | malware | Yakuza botnet |
| Elastic Security YARA Rules | malware | Linux.Trojan.Gafgyt |
| Elastic Security YARA Rules | malware | Linux.Trojan.Gafgyt |
| ClamAV | malicious | Unix.Dropper.Mirai-7136013-0 |
JavaScript (0)
No JavaScripts
HTTP Transactions (2)
| URL | IP | Response | Size |
|---|---|---|---|
