Analysis Overview
SHA256
e1766773026ed9e92778b034e9428c1861d01021f40a351ac5a44aff59c930ce
Threat Level: Known bad
The file boatnet.mips.elf was found to be: Known bad.
Malicious Activity Summary
Mirai
Mirai family
Modifies Watchdog functionality
Enumerates running processes
Writes file to system bin folder
UPX packed file
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 08:08
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 08:08
Reported
2024-11-09 08:10
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
12s
Command Line
Signatures
Mirai
Mirai family
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/watchdog | /tmp/boatnet.mips.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/boatnet.mips.elf | N/A |
Enumerates running processes
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /sbin/watchdog | /tmp/boatnet.mips.elf | N/A |
| File opened for modification | /bin/watchdog | /tmp/boatnet.mips.elf | N/A |
Reads runtime system information
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/boatnet.mips.elf | N/A |
Processes
/tmp/boatnet.mips.elf
[/tmp/boatnet.mips.elf]
Network
| Country | Destination | Domain | Proto |
| GB | 37.230.62.25:3778 | | tcp |
Files
memory/699-1-0x00400000-0x00451a58-memory.dmp