Analysis
max time kernel: 149s
max time network: 129s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240522.1-en
resource tags: arch:amd64 arch:i386 image:ubuntu2204-amd64-20240522.1-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system
submitted: 09-11-2024 04:14
Behavioral task: behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu2204-amd64-20240522.1-en
6 signatures
150 seconds
General
Target: boatnet.x86.elf
Size: 20KB
MD5: 895badd48eed0c0e0ba14e8d5967e7bb
SHA1: 3c4c22665e6197841f7e68f941a4a27dca3d4d8d
SHA256: e2a04bd1fb1e7ed211e3ee19b08337b6361d695278417d5a21ba602ca7eb99b4
SHA512: dfc79a34d1694b7e4422fa4861bf475b3efe2398df684126e71293880f51f4bf39f396fb5c5e36a2c12944c7406e86cac09c3d3b8c432194aab976c8b7e94af7
SSDEEP: 384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTR:x98o08kxofBE+ZkXaITbp2F2TWul0c51
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
Mirai family
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Mirai disables the watchdog so that a device it has saturated with scanning or flood traffic is not rebooted back to a clean state. The leaked Mirai source opens /dev/watchdog, falling back to /dev/misc/watchdog, and issues the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD; the device node is opened read-write for the ioctl, which is why the activity is recorded as an open for modification rather than as a write.
Processes:
description                    ioc                  process
File opened for modification   /dev/misc/watchdog   boatnet.x86.elf
File opened for modification   /dev/watchdog        boatnet.x86.elf
Enumerates running processes (64 IoCs)
Discovers information about currently running processes on the system. The sample reads /proc/<pid>/cmdline for every process it can see, which is consistent with the Mirai killer routine that walks /proc to find and terminate competing bots.
Processes:
File opened for reading /proc/<pid>/cmdline by boatnet.x86.elf for pids 589, 1068, 1190, 771, 1034, 739, 748, 796, 1279, 1426, 427, 740, 1275, 1394, 992, 1057, 415, 634, 789, 1123, 1184, 416, 1232, 1241, 1318, 1556, 794, 638, 664, 772, 1175, 518, 613, 452, 1096, 633, 984, 1117, 1147, 1555, 731, 1135, 1363, 1493, 735, 761, 1166, 1183, 1389, 1085, 1159, 593, 609, 612, 1106, 587, 689, 1054, 1160, 1205, 413, 845, 588, 1045
Writes file to system bin folder (2 IoCs)
Processes:
description                    ioc              process
File opened for modification   /sbin/watchdog   boatnet.x86.elf
File opened for modification   /bin/watchdog    boatnet.x86.elf
Both paths are the usual install locations of the user-space watchdog daemon binary, and Mirai variants extend the watchdog-disabling routine to try them after the /dev nodes. The report records only that the files were opened for modification; it does not show a write or a dropped payload, so this hit is better read together with the watchdog signature than as a persistence mechanism.
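Added example, not part of the report and not the sandbox's own signature engine: a Python script that re-derives the three behavioral signatures above from the report's flattened "description ioc process" runs. The excerpt embedded in the script is constructed from the report (five of its 64 /proc entries are reproduced); the rule names, the regexes and the min_pids threshold are the editor's assumptions about how such signatures are reasonably scored, and the script surfaces the overlap between the bin-folder hits and the watchdog paths so the two signatures are read together.

```python
"""Re-derive the report's behavioural signatures from its file-activity IoC tables."""
import re

# Constructed excerpt of the report's flattened "description ioc process" runs. The report
# lists 64 /proc/<pid>/cmdline opens; five are reproduced here. parse_flat() takes the full
# text unchanged if pasted in.
REPORT_EXCERPT = (
    "File opened for modification /dev/misc/watchdog boatnet.x86.elf "
    "File opened for modification /dev/watchdog boatnet.x86.elf "
    "File opened for modification /sbin/watchdog boatnet.x86.elf "
    "File opened for modification /bin/watchdog boatnet.x86.elf "
    "File opened for reading /proc/589/cmdline boatnet.x86.elf "
    "File opened for reading /proc/1068/cmdline boatnet.x86.elf "
    "File opened for reading /proc/1190/cmdline boatnet.x86.elf "
    "File opened for reading /proc/771/cmdline boatnet.x86.elf "
    "File opened for reading /proc/1034/cmdline boatnet.x86.elf"
)

# One IoC row: the fixed description phrase, then the path, then the process name.
IOC_RE = re.compile(r"(File opened for (?:modification|reading)) (\S+) (\S+)")

# Watchdog targets (assumed rule set): the kernel device nodes /dev/watchdog, /dev/watchdogN
# and /dev/misc/watchdog, plus the usual install paths of the user-space watchdog daemon,
# which Mirai variants also try.
WATCHDOG_RE = re.compile(r"^/(?:dev(?:/misc)?|s?bin)/watchdog\d*$")
PROC_CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")
SYSTEM_BIN_RE = re.compile(r"^/(?:usr/(?:local/)?)?s?bin/")


def parse_flat(text):
    """Split a flattened IoC run into (description, path, process) triples."""
    return [m.groups() for m in IOC_RE.finditer(text)]


def classify(description, path):
    """Signature tags a single row contributes to; a row may carry more than one."""
    tags = set()
    opened_rw = description.endswith("modification")
    if opened_rw and WATCHDOG_RE.match(path):
        tags.add("modifies_watchdog")
    if opened_rw and SYSTEM_BIN_RE.match(path):
        tags.add("writes_system_bin")
    if PROC_CMDLINE_RE.match(path):
        tags.add("enumerates_processes")
    return tags


def summarize(rows, min_pids=5):
    """Aggregate rows into per-signature evidence.

    Process enumeration is scored on distinct PIDs rather than on opens, and only fires once
    at least min_pids different PIDs have been read, so a program that inspects one or two
    processes is not flagged. min_pids is an assumed threshold, not the sandbox's.
    """
    evidence = {"modifies_watchdog": set(), "writes_system_bin": set()}
    pids = set()
    for description, path, _process in rows:
        tags = classify(description, path)
        for tag in tags.intersection(evidence):
            evidence[tag].add(path)
        m = PROC_CMDLINE_RE.match(path)
        if m:
            pids.add(int(m.group(1)))
    summary = {tag: sorted(paths) for tag, paths in evidence.items()}
    summary["enumerates_processes"] = len(pids) if len(pids) >= min_pids else 0
    # /sbin/watchdog and /bin/watchdog satisfy both rules; surface the overlap so the
    # bin-folder hit is not mistaken for a dropped payload.
    summary["bin_hits_explained_by_watchdog"] = sorted(
        evidence["writes_system_bin"] & evidence["modifies_watchdog"]
    )
    return summary


if __name__ == "__main__":
    for tag, value in summarize(parse_flat(REPORT_EXCERPT)).items():
        print(f"{tag}: {value}")
```

Run against the full report text the process-enumeration count comes out at 64; against the excerpt it is 5, and both bin-folder hits are attributed to the watchdog routine.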