Analysis Overview
score
10/10
SHA256
6fcec39c841467b8ef53dab6f9acada11898ba46b5eeefde95132dcd88f23782
Threat Level: Known bad
The file boatnet.mpsl.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Mirai family
Modifies Watchdog functionality
Writes file to system bin folder
UPX packed file
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 04:09
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 04:09
Reported
2024-11-09 04:11
Platform
debian12-mipsel-20240221-en
Max time kernel
150s
Max time network
10s
Command Line
[/tmp/boatnet.mpsl.elf]
Signatures
Mirai
Mirai family
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/misc/watchdog | /tmp/boatnet.mpsl.elf | N/A |
| File opened for modification | /dev/watchdog | /tmp/boatnet.mpsl.elf | N/A |
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /sbin/watchdog | /tmp/boatnet.mpsl.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/boatnet.mpsl.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/716/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/717/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/720/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/732/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/745/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/414/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/710/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/666/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/697/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/750/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/679/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/680/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/733/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/668/cmdline | /tmp/boatnet.mpsl.elf | N/A |
| File opened for reading | /proc/695/cmdline | /tmp/boatnet.mpsl.elf | N/A |
Processes
/tmp/boatnet.mpsl.elf
[/tmp/boatnet.mpsl.elf]
Network
| Country | Destination | Domain | Proto |
| GB | 77.221.151.63:3778 | tcp | |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-13 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-13 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-13 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-13 | udp |
Files
memory/740-1-0x00400000-0x00452a58-memory.dmp