Analysis Overview
Score: 10/10
SHA256: e2a04bd1fb1e7ed211e3ee19b08337b6361d695278417d5a21ba602ca7eb99b4
Threat Level: Known bad
The file boatnet.x86.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Mirai family
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
UPX packed file
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 04:10
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 04:10
Reported: 2024-11-09 04:12
Platform: ubuntu2204-amd64-20240729-en
Max time kernel: 149s
Max time network: 130s
Command Line: [/tmp/boatnet.x86.elf]
Signatures
Mirai
Mirai family
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /dev/watchdog | /tmp/boatnet.x86.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/boatnet.x86.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /bin/watchdog | /tmp/boatnet.x86.elf | N/A |
| File opened for modification | /sbin/watchdog | /tmp/boatnet.x86.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /proc/416/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/642/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/771/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/831/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/965/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1039/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1044/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1201/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1323/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1059/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1290/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/639/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/997/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/414/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1129/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1187/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/671/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/744/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/959/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1164/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1495/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/773/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/874/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1170/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/532/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/726/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/862/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1245/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1367/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1457/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/619/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/636/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1426/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/410/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/504/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/667/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1060/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1107/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1230/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1305/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1375/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/637/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/643/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1019/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1166/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1216/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1086/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1320/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/778/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1174/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1192/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1444/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1515/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/611/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/740/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/992/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1168/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/427/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/608/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1092/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1167/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1269/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/693/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/870/cmdline | /tmp/boatnet.x86.elf | N/A |
Processes
/tmp/boatnet.x86.elf
[/tmp/boatnet.x86.elf]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 77.221.151.63:3778 | N/A | tcp |
Files
memory/1574-1-0x0000000008048000-0x00000000080547a0-memory.dmp