Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    06-05-2024 23:20

General

  • Target

    boatnet.x86_64.elf

  • Size

    25KB

  • MD5

    4f6cf0b40a415773ca13429a35d828e5

  • SHA1

    7c215ea3900aeffcf0658ac55168ae1556db3785

  • SHA256

    29642627d91e46c9521d796f37b06af53ce26ccaa79b6a531c4646d8eb0a0bb7

  • SHA512

    022a23b6c40164a7d669b30b3adf806b3ec122e62180fcb0bd45f7786fcf89ee0c9cf014e018d29341dcb8f21a1b713070e5efc98b95d86fc86dd15e1180b551

  • SSDEEP

    768:VVVhKh+3d5fe3DhgLi/9ib4Ce1rx2YpJlrsYN:h4OvfeTh9NrlAYN

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/boatnet.x86_64.elf
    /tmp/boatnet.x86_64.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:1544

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1544-1-0x0000000000400000-0x0000000000612cb8-memory.dmp