Analysis
max time kernel: 20784s
max time network: 158s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf image:debian9-armhf-en-20211208 kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 06-08-2022 06:26
Static task
static1
Behavioral task
behavioral1
Sample
boatnet.arm7
Resource
debian9-armhf-en-20211208
debian-9-armhf
3 signatures
150 seconds
General
Target: boatnet.arm7
Size: 45KB
MD5: dedb81a51e12e349d2b9a8f6c34c5aee
SHA1: 282cd96562ff764404fc71cb2ba09c0dbba7135e
SHA256: 47b96a431b32864f4592c8be1edfb3ed95214a10fd3762696461de775043e3e4
SHA512: 4e18cdc86a73aec23a8b355911f56c32177dca3ac85d6b71ebca4d0a8fe39c1ae79d24697a5f40048fdfb09c2d6d90dd2386fbe4ed31a385f2ef7bfb710c3bfe
Score
9/10
Malware Config
Signatures
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 2 IoCs
Processes:
description      ioc
/bin/watchdog    /bin/watchdog
/sbin/watchdog   /sbin/watchdog
-
Reads runtime system information 24 IoCs
Reads data from /proc virtual filesystem.
Processes:
boatnet.arm7