Analysis Overview
SHA256
cdf3f41e3ad38f3081c882ac25d15d03b9e85b7b7021cbd32a6c504acd353aab
Threat Level: Known bad
The file boatnet.mips.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Mirai family
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
UPX packed file
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 04:10
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 04:10
Reported
2024-11-09 04:12
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
11s
Command Line
Signatures
Mirai
Mirai family
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /dev/watchdog | /tmp/boatnet.mips.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/boatnet.mips.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /sbin/watchdog | /tmp/boatnet.mips.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/boatnet.mips.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /proc/774/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/463/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/691/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/769/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/771/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/790/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/493/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/748/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/701/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/703/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/708/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/456/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/690/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/763/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/778/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/804/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/494/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/736/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/759/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/768/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/807/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/696/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/726/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/784/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/697/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/760/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/742/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/676/cmdline | /tmp/boatnet.mips.elf | N/A |
| File opened for reading | /proc/695/cmdline | /tmp/boatnet.mips.elf | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | /tmp/boatnet.mips.elf | N/A |
Processes
/tmp/boatnet.mips.elf
[/tmp/boatnet.mips.elf]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 77.221.151.63:3778 | N/A | tcp |
Files
memory/698-1-0x00400000-0x00451a58-memory.dmp