Analysis

  • max time kernel
    152s
  • max time network
    11s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231026-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231026-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    23/11/2023, 18:51

General

  • Target

    boatnet.arm7.elf

  • Size

    45KB

  • MD5

    dc77e67843b5888482ef09df0ee11f11

  • SHA1

    d2c3d467b94cce382daaa1bc625b9f871c77eba9

  • SHA256

    3cda4f664e68392fed077781143242268842a8a13e998508ce4128d84257004a

  • SHA512

    2150c49dc33e4c9ef5113efbe2f860f7fbeed2467d82a9791e2e9be01a7ebd1c4c48a0f163f32be41d915aaf2ac8e17388d84e779a31a93d9c41b227adeb9318

  • SSDEEP

    768:g/TYCoIxdEk+AxoTZAZHFeq8b3c19q3UELbUXfi6nVMQHI4vcGpv4:gECFd+A6YHAx3LRQZ4

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 39 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/boatnet.arm7.elf
    /tmp/boatnet.arm7.elf
    1⤵
    • Reads runtime system information
    PID:680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads