Analysis
- max time kernel: 150s
- max time network: 141s
- platform: debian-9_mips
- resource: debian9-mipsbe-20221111-en
- resource tags: arch:mips, image:debian9-mipsbe-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 01-05-2023 11:51
General
- Target: boatnet.mips.elf
- Size: 23KB
- MD5: 670e074cb679fb1e597d1899ed452bf6
- SHA1: 70aabf5ddacd2c0d140caf0fb11126d47d6c1f08
- SHA256: ef6d5693b7fe6549fdfaf2e4dd4b29668ffad69cb7cb6e195521bfb48d6deb9a
- SHA512: 369356dd939675a5015b134f9603710fff0e16d951859575ec78107053cc723a1c25e1734edc5d206904c2fe10b3039ab1dbd1138ec6b7b7c05e21e7e7b04355
- SSDEEP: 384:YeD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuiOmdtJgGlzDpH7uNj1JA4P:YeD8ZSWvZHZbs1row697qohQvg9OitJc
Malware Config (Extracted)
- Family: mirai
- Botnet: LZRD
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Writes file to system bin folder (1 TTPs, 2 IoCs)
  Processes (description / ioc):
  - File opened for modification: /sbin/watchdog
  - File opened for modification: /bin/watchdog
- Reads runtime system information (5 IoCs)
  Reads data from the /proc virtual filesystem.
  Processes (description / ioc):
  - File opened for reading: /proc/401/cmdline
  - File opened for reading: /proc/402/cmdline
  - File opened for reading: /proc/403/cmdline
  - File opened for reading: /proc/404/cmdline
  - File opened for reading: /proc/408/cmdline
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/327-1-0x00400000-0x00451a58-memory.dmp