Analysis
max time kernel: 150s
max time network: 12s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted: 09-11-2024 08:08
Behavioral task: behavioral1
Sample: boatnet.mips.elf
Resource: debian9-mipsbe-20240611-en
General
Target: boatnet.mips.elf
Size: 23KB
MD5: 685f0ea9406f8ddbae718a72c3f76b90
SHA1: eb7b35a6e797e826b6b20b39bdeb37402e062b40
SHA256: e1766773026ed9e92778b034e9428c1861d01021f40a351ac5a44aff59c930ce
SHA512: ef8ad22c1ad422413734fced67937db848b6b14e0b7312614af315aeac51946c7a51fc07c7118a19403067893fbe2568b2615d9b1c293175713bbbc68ee627c5
SSDEEP: 384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtui2zbmdzJgGlzDpH7uNj1J+:neD8ZSWvZHZbs1row697qohQvg9wizJH
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Mirai and its descendants open the hardware watchdog device (/dev/watchdog, falling back to /dev/misc/watchdog) and disable it so that the watchdog does not reboot the device once the bot stops servicing it; a reboot would otherwise clear the memory-resident infection. In the published Mirai source this is done with a WDIOC_SETOPTIONS ioctl carrying WDIOS_DISABLECARD; the report below records only the open for modification, not the ioctl itself.
Processes:
description                     ioc                   process
File opened for modification    /dev/watchdog         boatnet.mips.elf
File opened for modification    /dev/misc/watchdog    boatnet.mips.elf
Writes file to system bin folder (2 IoCs)
The two paths opened for modification are the userland watchdog binaries, /sbin/watchdog and /bin/watchdog, which the same watchdog-disabling routine opens read-write; the report records the open, not any content written.
Processes:
description                     ioc                   process
File opened for modification    /sbin/watchdog        boatnet.mips.elf
File opened for modification    /bin/watchdog         boatnet.mips.elf

Enumerates running processes (33 IoCs)
Discovers information about currently running processes on the system by reading /proc/<pid>/cmdline for each pid; Mirai's killer module does this to find and terminate competing bots and services.
Processes:
description                 ioc                    process
File opened for reading     /proc/698/cmdline      boatnet.mips.elf
File opened for reading     /proc/709/cmdline      boatnet.mips.elf
File opened for reading     /proc/731/cmdline      boatnet.mips.elf
File opened for reading     /proc/753/cmdline      boatnet.mips.elf
File opened for reading     /proc/767/cmdline      boatnet.mips.elf
File opened for reading     /proc/478/cmdline      boatnet.mips.elf
File opened for reading     /proc/702/cmdline      boatnet.mips.elf
File opened for reading     /proc/764/cmdline      boatnet.mips.elf
File opened for reading     /proc/805/cmdline      boatnet.mips.elf
File opened for reading     /proc/691/cmdline      boatnet.mips.elf
File opened for reading     /proc/754/cmdline      boatnet.mips.elf
File opened for reading     /proc/759/cmdline      boatnet.mips.elf
File opened for reading     /proc/760/cmdline      boatnet.mips.elf
File opened for reading     /proc/794/cmdline      boatnet.mips.elf
File opened for reading     /proc/450/cmdline      boatnet.mips.elf
File opened for reading     /proc/455/cmdline      boatnet.mips.elf
File opened for reading     /proc/696/cmdline      boatnet.mips.elf
File opened for reading     /proc/772/cmdline      boatnet.mips.elf
File opened for reading     /proc/793/cmdline      boatnet.mips.elf
File opened for reading     /proc/479/cmdline      boatnet.mips.elf
File opened for reading     /proc/690/cmdline      boatnet.mips.elf
File opened for reading     /proc/748/cmdline      boatnet.mips.elf
File opened for reading     /proc/727/cmdline      boatnet.mips.elf
File opened for reading     /proc/735/cmdline      boatnet.mips.elf
File opened for reading     /proc/736/cmdline      boatnet.mips.elf
File opened for reading     /proc/781/cmdline      boatnet.mips.elf
File opened for reading     /proc/787/cmdline      boatnet.mips.elf
File opened for reading     /proc/697/cmdline      boatnet.mips.elf
File opened for reading     /proc/747/cmdline      boatnet.mips.elf
File opened for reading     /proc/676/cmdline      boatnet.mips.elf
File opened for reading     /proc/705/cmdline      boatnet.mips.elf
File opened for reading     /proc/768/cmdline      boatnet.mips.elf
File opened for reading     /proc/806/cmdline      boatnet.mips.elf
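The three file-access signatures above (watchdog devices opened for modification, the watchdog binaries under /sbin and /bin opened for modification, and a burst of /proc/<pid>/cmdline reads) can be reproduced as detection logic over the report's own "description ioc process" rows. The script below is an added example, not part of the sandbox report or of any Mirai code: it parses lines in that format, flags the watchdog and bin-folder opens directly, and treats cmdline reads as process enumeration only once one process has inspected a threshold number of distinct pids, so a legitimate tool such as ps reading a single entry is not flagged. The sample lines are constructed (the first twelve copy rows from the report, the last three are added benign noise), and the threshold of 5 is an assumption.

```python
"""Signature logic for the watchdog, bin-folder and /proc enumeration IoCs.

Added example (not the sandbox's or Mirai's code). Input lines follow the
report's "File opened for <mode> <path> <process>" layout.
"""
import re
from collections import defaultdict

# Constructed sample: rows 1-12 are copied from the report, rows 13-15 are
# added benign activity from a hypothetical `ps` run.
SAMPLE_EVENTS = """\
File opened for modification /dev/watchdog boatnet.mips.elf
File opened for modification /dev/misc/watchdog boatnet.mips.elf
File opened for modification /sbin/watchdog boatnet.mips.elf
File opened for modification /bin/watchdog boatnet.mips.elf
File opened for reading /proc/698/cmdline boatnet.mips.elf
File opened for reading /proc/709/cmdline boatnet.mips.elf
File opened for reading /proc/731/cmdline boatnet.mips.elf
File opened for reading /proc/753/cmdline boatnet.mips.elf
File opened for reading /proc/767/cmdline boatnet.mips.elf
File opened for reading /proc/478/cmdline boatnet.mips.elf
File opened for reading /proc/702/cmdline boatnet.mips.elf
File opened for reading /proc/764/cmdline boatnet.mips.elf
File opened for reading /proc/self/status ps
File opened for reading /proc/1/cmdline ps
File opened for modification /tmp/ps.out ps
"""

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
SYSTEM_BIN_DIRS = ("/sbin/", "/bin/")          # the two dirs the report's signature covers
PROC_CMDLINE = re.compile(r"^/proc/(\d+)/cmdline$")
EVENT_LINE = re.compile(r"^File opened for (reading|modification) (\S+) (\S+)$")
ENUM_THRESHOLD = 5   # assumed: distinct pids one process must inspect before we call it enumeration


def parse_events(text):
    """Yield (mode, path, process) for each well-formed row; malformed rows are skipped."""
    for line in text.splitlines():
        m = EVENT_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)


def detect(text, enum_threshold=ENUM_THRESHOLD):
    """Return {signature_name: {process: sorted IoC paths}} for every signature that fires."""
    hits = defaultdict(lambda: defaultdict(set))
    cmdline_pids = defaultdict(set)            # process -> pids whose cmdline it read
    for mode, path, proc in parse_events(text):
        if mode == "modification" and path in WATCHDOG_DEVICES:
            hits["Modifies Watchdog functionality"][proc].add(path)
        if mode == "modification" and path.startswith(SYSTEM_BIN_DIRS):
            hits["Writes file to system bin folder"][proc].add(path)
        m = PROC_CMDLINE.match(path)
        if mode == "reading" and m:
            cmdline_pids[proc].add(int(m.group(1)))
    # Enumeration is a volume signal: one cmdline read is normal, a sweep is not.
    for proc, pids in cmdline_pids.items():
        if len(pids) >= enum_threshold:
            hits["Enumerates running processes"][proc] = {f"/proc/{p}/cmdline" for p in pids}
    return {sig: {p: sorted(paths) for p, paths in procs.items()} for sig, procs in hits.items()}


if __name__ == "__main__":
    for sig, procs in detect(SAMPLE_EVENTS).items():
        for proc, paths in procs.items():
            print(f"{sig}: {proc} ({len(paths)} IoCs)")
            for p in paths:
                print("   ", p)
```

Run stand-alone it lists the three signatures for boatnet.mips.elf and nothing for ps. Lowering the threshold to 1 makes the ps row fire too, which is the trade-off to keep in mind when porting this to real audit data: the watchdog and bin-folder checks are precise path matches, while the enumeration check is only as good as its threshold.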
System Network Configuration Discovery (1 TTP, 1 IoC)
Adversaries may gather information about the network configuration of a system.
Processes:
pid    process
699    boatnet.mips.elf