Analysis
max time kernel: 152s
max time network: 134s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20221125-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221125-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 14-05-2023 08:27
General
Target: boatnet.x86.elf
Size: 20KB
MD5: 3be4c48159951b14311c8dbf861acb57
SHA1: 328b958bbe35d3f3a1a0f54c7082e60f46213ded
SHA256: 3495c9a42b188b501d941d80d90d675e53d10cf9048f257d5c96cd8287a0b310
SHA512: 804076dca985f3989074be5a6981a557b114ebccb0bacbbc3883c417b7e38f64e4527bc8002fdf9217d947a0bc6d04b8e80cb80e1bae68dbf0890bd5ed6085b1
SSDEEP: 384:M0hLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXa2UbDib+502F2vwA9B1fKVVXC6Sya:T98o08kxofBE+ZkXaXDibp2F2n8VVXCN
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
- Writes file to system bin folder (1 TTPs, 2 IoCs)
  Processes:
  File opened for modification: /sbin/watchdog
  File opened for modification: /bin/watchdog
- Reads runtime system information (14 IoCs)
  Reads data from the /proc virtual filesystem.
  Processes:
  File opened for reading: /proc/403/cmdline
  File opened for reading: /proc/409/cmdline
  File opened for reading: /proc/595/cmdline
  File opened for reading: /proc/621/cmdline
  File opened for reading: /proc/404/cmdline
  File opened for reading: /proc/426/cmdline
  File opened for reading: /proc/597/cmdline
  File opened for reading: /proc/546/cmdline
  File opened for reading: /proc/596/cmdline
  File opened for reading: /proc/611/cmdline
  File opened for reading: /proc/612/cmdline
  File opened for reading: /proc/569/cmdline
  File opened for reading: /proc/598/cmdline
  File opened for reading: /proc/627/cmdline
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/608-1-0x0000000008048000-0x00000000080547a0-memory.dmp