47b96a431b32864f4592c8be1edfb3ed95214a10fd3762696461de775043e3e4

Analysis

max time kernel
20784s
max time network
158s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06-08-2022 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

boatnet.arm7
Size

45KB
MD5

dedb81a51e12e349d2b9a8f6c34c5aee
SHA1

282cd96562ff764404fc71cb2ba09c0dbba7135e
SHA256

47b96a431b32864f4592c8be1edfb3ed95214a10fd3762696461de775043e3e4
SHA512

4e18cdc86a73aec23a8b355911f56c32177dca3ac85d6b71ebca4d0a8fe39c1ae79d24697a5f40048fdfb09c2d6d90dd2386fbe4ed31a385f2ef7bfb710c3bfe

Score

9^/10

Malware Config

Signatures

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow
T1574

Processes:

description ioc

/bin/watchdog /bin/watchdog
/sbin/watchdog /sbin/watchdog

description	ioc
/bin/watchdog	/bin/watchdog
/sbin/watchdog	/sbin/watchdog

Reads runtime system information 24 IoCs

Reads data from /proc virtual filesystem.

Processes:

boatnet.arm7

description	ioc
/proc/442/cmdline	/proc/442/cmdline
/proc/443/cmdline	/proc/443/cmdline
/proc/455/cmdline	/proc/455/cmdline
/proc/459/cmdline	/proc/459/cmdline
/proc/409/cmdline	/proc/409/cmdline
/proc/420/cmdline	/proc/420/cmdline
/proc/438/cmdline	/proc/438/cmdline
/proc/432/cmdline	/proc/432/cmdline
/proc/469/cmdline	/proc/469/cmdline
/proc/491/cmdline	/proc/491/cmdline
/proc/	/proc/
/proc/402/cmdline	/proc/402/cmdline
/proc/404/cmdline	/proc/404/cmdline
/proc/447/cmdline	/proc/447/cmdline
/proc/452/cmdline	/proc/452/cmdline
/proc/475/cmdline	/proc/475/cmdline
/proc/477/cmdline	/proc/477/cmdline
/proc/401/cmdline	/proc/401/cmdline
/proc/410/cmdline	/proc/410/cmdline
/proc/414/cmdline	/proc/414/cmdline
/proc/485/cmdline	/proc/485/cmdline
/proc/self/exe	/proc/self/exe	boatnet.arm7
/proc/426/cmdline	/proc/426/cmdline
/proc/465/cmdline	/proc/465/cmdline

/tmp/boatnet.arm7
/tmp/boatnet.arm7
1⤵
- Reads runtime system information
PID:354

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Impair Defenses

T1562

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads