Analysis
- max time kernel: 20785s
- max time network: 103s
- platform: linux_amd64
- resource: ubuntu1804-amd64-en-20211208
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 06-08-2022 06:26
Static task: static1
Behavioral task: behavioral1
- Sample: boatnet.x86_64
- Resource: ubuntu1804-amd64-en-20211208, ubuntu-18.04-amd64
- 3 signatures
- 150 seconds
General
- Target: boatnet.x86_64
- Size: 22KB
- MD5: 571b51f69986c6be58c2ba651b02222a
- SHA1: 4ec598fcb3e50c6b35518dcd41128349929f5923
- SHA256: e67719fec199a4bd74c3e5946016c2561e6d299ce62eb648a60c0f433a61df7b
- SHA512: feeab7d3971d9e129870d940446c6bafed63aa791aa9fc068641781be5e001414aa3bf7c939466c122634d857b75c8b2423c28bc0e471db0efc8c87a9dd4f169
Score: 9/10
Malware Config
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder (1 TTPs, 2 IoCs)
  Processes:
  description        ioc
  /sbin/watchdog     /sbin/watchdog
  /bin/watchdog      /bin/watchdog
- Reads runtime system information (16 IoCs)
  Reads data from /proc virtual filesystem.