Analysis
-
max time kernel
149s -
max time network
9s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system -
submitted
08/12/2024, 01:37
Behavioral task
behavioral1
Sample
boatnet.arm7.elf
Resource
debian9-armhf-20240611-en
6 signatures
150 seconds
General
-
Target
boatnet.arm7.elf
-
Size
45KB
-
MD5
692eabb69c031e42d5156c592a470944
-
SHA1
fe4e9eef1330bc840001405a1bc696125aaf1c3b
-
SHA256
9cc1801bf468bb5099f98d91cca28ba53d1b15ed410f9cd6708982ef3e12d6ef
-
SHA512
3d972f640475223f067069e85f954fcb277d8208b570f3eca712ef30d470210c843b3494a1ce0efdee618b3412105e0edca4c5a5479d9caebfc06bdd1b6cbce9
-
SSDEEP
768:Z7ZxCMtE5CUbgAqLDfYko9S5FDfrYnLFnWJ5R9q3UELo8q0ln5fhZX9uOah/:ZV4KE5C+ghLDgktFfwRnK5EL5Tn55ZAb
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | boatnet.arm7.elf
File opened for modification | /dev/misc/watchdog | boatnet.arm7.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
description | ioc | Process
File opened for reading | /proc/self/exe | boatnet.arm7.elf
File opened for reading | /proc/672/cmdline | boatnet.arm7.elf
File opened for reading | /proc/708/cmdline | boatnet.arm7.elf
File opened for reading | /proc/746/cmdline | boatnet.arm7.elf
File opened for reading | /proc/773/cmdline | boatnet.arm7.elf
File opened for reading | /proc/801/cmdline | boatnet.arm7.elf
File opened for reading | /proc/488/cmdline | boatnet.arm7.elf
File opened for reading | /proc/489/cmdline | boatnet.arm7.elf
File opened for reading | /proc/757/cmdline | boatnet.arm7.elf
File opened for reading | /proc/789/cmdline | boatnet.arm7.elf
File opened for reading | /proc/805/cmdline | boatnet.arm7.elf
File opened for reading | /proc/803/cmdline | boatnet.arm7.elf
File opened for reading | /proc/665/cmdline | boatnet.arm7.elf
File opened for reading | /proc/673/cmdline | boatnet.arm7.elf
File opened for reading | /proc/684/cmdline | boatnet.arm7.elf
File opened for reading | /proc/721/cmdline | boatnet.arm7.elf
File opened for reading | /proc/741/cmdline | boatnet.arm7.elf
File opened for reading | /proc/749/cmdline | boatnet.arm7.elf
File opened for reading | /proc/799/cmdline | boatnet.arm7.elf
File opened for reading | /proc/809/cmdline | boatnet.arm7.elf
File opened for reading | /proc/811/cmdline | boatnet.arm7.elf
File opened for reading | /proc/666/cmdline | boatnet.arm7.elf
File opened for reading | /proc/677/cmdline | boatnet.arm7.elf
File opened for reading | /proc/701/cmdline | boatnet.arm7.elf
File opened for reading | /proc/807/cmdline | boatnet.arm7.elf
File opened for reading | /proc/429/cmdline | boatnet.arm7.elf
File opened for reading | /proc/679/cmdline | boatnet.arm7.elf
File opened for reading | /proc/737/cmdline | boatnet.arm7.elf
File opened for reading | /proc/791/cmdline | boatnet.arm7.elf
File opened for reading | /proc/793/cmdline | boatnet.arm7.elf
File opened for reading | /proc/797/cmdline | boatnet.arm7.elf
File opened for reading | /proc/800/cmdline | boatnet.arm7.elf
File opened for reading | /proc/714/cmdline | boatnet.arm7.elf
File opened for reading | /proc/720/cmdline | boatnet.arm7.elf
File opened for reading | /proc/785/cmdline | boatnet.arm7.elf
File opened for reading | /proc/441/cmdline | boatnet.arm7.elf
File opened for reading | /proc/671/cmdline | boatnet.arm7.elf
File opened for reading | /proc/782/cmdline | boatnet.arm7.elf
File opened for reading | /proc/795/cmdline | boatnet.arm7.elf
File opened for reading | /proc/629/cmdline | boatnet.arm7.elf
File opened for reading | /proc/736/cmdline | boatnet.arm7.elf
File opened for reading | /proc/783/cmdline | boatnet.arm7.elf
-
Writes file to system bin folder 2 IoCs
description | ioc | Process
File opened for modification | /sbin/watchdog | boatnet.arm7.elf
File opened for modification | /bin/watchdog | boatnet.arm7.elf