Analysis
max time kernel: 148s
max time network: 151s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 02/08/2024, 15:08
General
Target: 91.92.252.2-boatnet.mips-2024-07-28T120420.elf
Size: 26KB
MD5: 11c5334c8c0caf698fed8fb46a9d37fb
SHA1: 08a5dcea9ee3b22a0bcafd6903f0377eeffa4532
SHA256: 42ab0ab2e4804f75963f4fd69ad812bc95a8dcf6a5fb865f338b2482abbaae95
SHA512: ed0ec3799a8f4fddf7c81cadd2652ecd388450f1bd794e62ff79144169710e853a8406c20ba937b37c202fc3e667cfefae5827ed563048037de1d0199f5f9c5f
SSDEEP: 768:gxpY4E04euThOyt5v5PVUDJgGlzDpbuR1Jh:QzE04e2H1PAVJuD
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | 91.92.252.2-boatnet.mips-2024-07-28T120420.elf
File opened for modification | /dev/misc/watchdog | 91.92.252.2-boatnet.mips-2024-07-28T120420.elf
Writes file to system bin folder (1 TTPs, 2 IoCs)
description | ioc | Process
File opened for modification | /bin/watchdog | 91.92.252.2-boatnet.mips-2024-07-28T120420.elf
File opened for modification | /sbin/watchdog | 91.92.252.2-boatnet.mips-2024-07-28T120420.elf