Analysis Overview
Score: 10/10
SHA256: e2a04bd1fb1e7ed211e3ee19b08337b6361d695278417d5a21ba602ca7eb99b4
Threat Level: Known bad
The file boatnet.x86.elf was found to be: Known bad.
Malicious Activity Summary
Mirai family
Mirai
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
UPX packed file
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 04:14
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
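The static pass only reports that the file is UPX packed. An added triage helper (written for this page, not the sandbox vendor's or the sample's code) that checks a blob on disk for the ELF and UPX markers and confirms it is the file the report hashes. `REPORTED_SHA256` is the page's value; the byte strings `CONSTRUCTED_PACKED_ELF` and `CONSTRUCTED_PLAIN_ELF` are fabricated stand-ins, not the real sample.

```python
import hashlib
import re

# SHA256 stated on the report for boatnet.x86.elf (copied from the page, not computed here)
REPORTED_SHA256 = "e2a04bd1fb1e7ed211e3ee19b08337b6361d695278417d5a21ba602ca7eb99b4"

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"
# Banner UPX embeds in packed files unless the packer build strips it.
UPX_BANNER = re.compile(rb"\$Info: This file is packed with the UPX executable packer")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def upx_indicators(data: bytes) -> dict:
    """Static triage of a blob: ELF or not, and which UPX markers it carries.

    In a stock UPX-packed ELF the l_info header (first field: the magic
    "UPX!") follows the ELF header and program headers, and the packer
    trailer near the end of the file repeats the magic, so an unmodified
    sample usually yields two hits. Some Mirai variants overwrite the magic
    so that `upx -d` refuses the file; treat a missing magic as "unknown",
    not as "unpacked".
    """
    magic_offsets = [m.start() for m in re.finditer(re.escape(UPX_MAGIC), data)]
    banner = UPX_BANNER.search(data) is not None
    is_elf = data[:4] == ELF_MAGIC
    return {
        "is_elf": is_elf,
        "sha256": sha256_hex(data),
        "upx_magic_offsets": magic_offsets,
        "upx_banner": banner,
        "likely_upx": is_elf and (bool(magic_offsets) or banner),
    }


def matches_report(data: bytes, expected_sha256: str = REPORTED_SHA256) -> bool:
    """True when the blob on disk is exactly the sample the report describes."""
    return sha256_hex(data) == expected_sha256.lower()


# Constructed stand-in for a packed 32-bit ELF (not the real sample): ELF ident,
# filler in place of headers and compressed data, the l_info magic, the UPX
# banner and the trailing magic. Only the markers matter to the checks above.
CONSTRUCTED_PACKED_ELF = (
    ELF_MAGIC + b"\x01\x01\x01\x00" + b"\x00" * 8
    + b"\x00" * 64                                  # filler for ELF/program headers
    + UPX_MAGIC + b"\x0d\x16\x0d\x00"               # l_magic plus l_info filler
    + b"\x00" * 256                                 # filler for packed data
    + b"$Info: This file is packed with the UPX executable packer http://upx.sf.net $\n"
    + b"\x00" * 32
    + UPX_MAGIC + b"\x00" * 28                      # packheader trailer
)
CONSTRUCTED_PLAIN_ELF = ELF_MAGIC + b"\x01\x01\x01\x00" + b"\x00" * 120


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else CONSTRUCTED_PACKED_ELF
    print(upx_indicators(blob))
    print("matches reported SHA256:", matches_report(blob))
```

Run it with the sample path as the only argument; with no argument it runs over the constructed blob. A negative result from `upx -d` on a real Mirai sample is not evidence that the file is unpacked, which is why the function reports the individual markers rather than a single verdict.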
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 04:14
Reported: 2024-11-09 04:17
Platform: ubuntu2204-amd64-20240522.1-en
Max time kernel: 149s
Max time network: 129s
Command Line: [/tmp/boatnet.x86.elf]
Signatures
Mirai
Mirai family
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/misc/watchdog | /tmp/boatnet.x86.elf | N/A |
| File opened for modification | /dev/watchdog | /tmp/boatnet.x86.elf | N/A |
Opening these two nodes for writing is consistent with the watchdog-disable routine in the leaked Mirai source, which tries each node in turn and, on the first that opens, issues WDIOC_SETOPTIONS with WDIOS_DISABLECARD so the hardware watchdog cannot reboot a device the bot has made unresponsive. The sandbox records the open, not the ioctl.
Enumerates running processes
No separate indicator rows; the /proc/<pid>/cmdline reads listed under "Reads runtime system information" are the evidence, consistent with the Mirai killer routine that scans process command lines for competing bots and for telnet/SSH daemons to terminate.
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /sbin/watchdog | /tmp/boatnet.x86.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/boatnet.x86.elf | N/A |
Both indicators are open-for-write attempts on further watchdog paths that some Mirai variants try alongside /dev/watchdog; the Files section lists no dropped file, so read this signature as part of the watchdog-disable routine rather than as a binary being planted in /bin or /sbin.
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/589/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1068/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1190/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/771/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1034/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/739/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/748/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/796/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1279/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1426/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/427/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/740/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1275/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1394/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/992/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1057/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/415/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/634/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/789/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1123/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1184/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/416/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1232/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1241/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1318/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1556/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/794/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/638/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/664/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/772/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1175/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/518/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/613/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/452/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1096/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/633/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/984/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1117/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1147/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1555/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/731/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1135/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1363/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1493/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/735/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/761/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1166/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1183/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1389/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1085/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1159/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/593/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/609/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/612/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1106/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/587/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/689/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1054/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1160/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1205/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/413/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/845/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/588/cmdline | /tmp/boatnet.x86.elf | N/A |
| File opened for reading | /proc/1045/cmdline | /tmp/boatnet.x86.elf | N/A |
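The two behaviours above (a writable handle on a watchdog node, and a bot running from /tmp while walking /proc) are what a responder would hunt for on a suspect Linux host. An added Python scanner, written for this page and not part of the report or the sandbox, walks a /proc-shaped tree and flags processes that hold a watchdog fd or execute from a scratch directory. The constructed tree in `build_constructed_proc` is fabricated for the offline run: pid 1552 mirrors the pid in the memory dump name below, pid 1 is a benign control, and the fd targets and socket inode are invented.

```python
import os
import tempfile
from pathlib import Path

# Device nodes the sample opened for writing, per the report, plus the numbered
# node most kernels expose next to /dev/watchdog.
WATCHDOG_NODES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}
# The sample ran from /tmp; other world-writable scratch dirs are added as assumptions.
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


def read_cmdline(pid_dir: Path) -> list:
    """Decode /proc/<pid>/cmdline (NUL-separated argv) into a list of strings."""
    raw = (pid_dir / "cmdline").read_bytes()
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def scan_proc(proc_root: str = "/proc") -> list:
    """Walk a /proc-shaped tree and flag processes that hold a watchdog fd or run
    from a scratch directory. Reading other users' fd tables on a live host needs
    root; unreadable entries are skipped, not reported."""
    findings = []
    for pid_dir in Path(proc_root).iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            cmdline = read_cmdline(pid_dir)
        except OSError:
            continue
        try:
            exe = os.readlink(pid_dir / "exe")  # ends in " (deleted)" if the binary was unlinked
        except OSError:
            exe = ""
        fd_targets = []
        fd_dir = pid_dir / "fd"
        if fd_dir.is_dir():
            for fd in fd_dir.iterdir():
                try:
                    fd_targets.append(os.readlink(fd))
                except OSError:
                    continue
        reasons = []
        held = sorted(t for t in fd_targets if t in WATCHDOG_NODES)
        if held:
            reasons.append("watchdog_fd:" + ",".join(held))
        if exe.startswith(SCRATCH_DIRS):
            reasons.append("exe_in_scratch_dir:" + exe)
        if reasons:
            findings.append({"pid": int(pid_dir.name), "exe": exe,
                             "cmdline": cmdline, "reasons": reasons})
    return sorted(findings, key=lambda f: f["pid"])


def build_constructed_proc(base: str) -> str:
    """Fabricate a two-process /proc tree for offline use (constructed data)."""
    def add(pid, exe, argv, fds):
        d = Path(base) / str(pid)
        (d / "fd").mkdir(parents=True)
        (d / "cmdline").write_bytes(b"\0".join(a.encode() for a in argv) + b"\0")
        os.symlink(exe, d / "exe")
        for n, target in enumerate(fds):
            os.symlink(target, d / "fd" / str(n))
    add(1, "/usr/lib/systemd/systemd", ["/sbin/init"], ["/dev/null", "/dev/null"])
    # Mirai unlinks its own binary after start, so the exe link carries "(deleted)".
    add(1552, "/tmp/boatnet.x86.elf (deleted)", ["/tmp/boatnet.x86.elf"],
        ["/dev/null", "/dev/watchdog", "socket:[40122]"])
    return base


def demo() -> list:
    """Run the scanner over the constructed tree and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_proc(build_constructed_proc(tmp))


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else None
    for finding in (scan_proc(root) if root else demo()):
        print(finding)
```

Run it as root with no argument on a live host to scan the real /proc, or pass a path to an extracted /proc snapshot. The prefix match on `exe` still fires once the bot has deleted its own file, because the kernel appends " (deleted)" after the original path rather than replacing it.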
Processes
/tmp/boatnet.x86.elf
[/tmp/boatnet.x86.elf]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 77.221.151.63:3778 | N/A | tcp |
| GB | 77.221.151.63:3778 | N/A | tcp |
| GB | 77.221.151.63:3778 | N/A | tcp |
| GB | 77.221.151.63:3778 | N/A | tcp |
Files
memory/1552-1-0x0000000008048000-0x00000000080547a0-memory.dmp