General

  • Target

    boatnet.mips

  • Size

    23KB

  • Sample

    220806-g67c8aeab2

  • MD5

    79eb5c25f9b8ad788b751ae4d1af8461

  • SHA1

    931ab52a887af358552fa647513837e0ec66d4b2

  • SHA256

    43c29ea8811897f923c3919930f90a745ca661d3fe6c3155b085e1fdc23a8807

  • SHA512

    b881d197c122a8f295effde7a3d7c39010527495164ccaea51c7ff7d2e6642c128c7414e2884d511b6b614966eefd660418d4c293ca780ba31e1a7795ebb0a84

Score
9/10

Malware Config

Targets

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Hijack Execution Flow, T1574 (1)

  • Privilege Escalation

    Hijack Execution Flow, T1574 (1)

  • Defense Evasion

    Impair Defenses, T1562 (1)

    Hijack Execution Flow, T1574 (1)
