Analysis

max time kernel: 149s
max time network: 3s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 08/12/2024, 01:42
Behavioral task

behavioral1
Sample: boatnet.arm7.elf
Resource: debian9-armhf-20240611-en
6 signatures
150 seconds
General

Target: boatnet.arm7.elf
Size: 45KB
MD5: 692eabb69c031e42d5156c592a470944
SHA1: fe4e9eef1330bc840001405a1bc696125aaf1c3b
SHA256: 9cc1801bf468bb5099f98d91cca28ba53d1b15ed410f9cd6708982ef3e12d6ef
SHA512: 3d972f640475223f067069e85f954fcb277d8208b570f3eca712ef30d470210c843b3494a1ce0efdee618b3412105e0edca4c5a5479d9caebfc06bdd1b6cbce9
SSDEEP: 768:Z7ZxCMtE5CUbgAqLDfYko9S5FDfrYnLFnWJ5R9q3UELo8q0ln5fhZX9uOah/:ZV4KE5C+ghLDgktFfwRnK5EL5Tn55ZAb
Score: 10/10
Malware Config

Extracted
Family: mirai
Botnet: LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

Description                   IoC                    Process
File opened for modification  /dev/watchdog          boatnet.arm7.elf
File opened for modification  /dev/misc/watchdog     boatnet.arm7.elf
Enumerates running processes
Discovers information about currently running processes on the system.

Description              IoC                    Process
File opened for reading  /proc/self/exe         boatnet.arm7.elf
File opened for reading  /proc/667/cmdline      boatnet.arm7.elf
File opened for reading  /proc/786/cmdline      boatnet.arm7.elf
File opened for reading  /proc/807/cmdline      boatnet.arm7.elf
File opened for reading  /proc/787/cmdline      boatnet.arm7.elf
File opened for reading  /proc/793/cmdline      boatnet.arm7.elf
File opened for reading  /proc/797/cmdline      boatnet.arm7.elf
File opened for reading  /proc/429/cmdline      boatnet.arm7.elf
File opened for reading  /proc/489/cmdline      boatnet.arm7.elf
File opened for reading  /proc/681/cmdline      boatnet.arm7.elf
File opened for reading  /proc/716/cmdline      boatnet.arm7.elf
File opened for reading  /proc/738/cmdline      boatnet.arm7.elf
File opened for reading  /proc/803/cmdline      boatnet.arm7.elf
File opened for reading  /proc/629/cmdline      boatnet.arm7.elf
File opened for reading  /proc/702/cmdline      boatnet.arm7.elf
File opened for reading  /proc/741/cmdline      boatnet.arm7.elf
File opened for reading  /proc/790/cmdline      boatnet.arm7.elf
File opened for reading  /proc/666/cmdline      boatnet.arm7.elf
File opened for reading  /proc/737/cmdline      boatnet.arm7.elf
File opened for reading  /proc/748/cmdline      boatnet.arm7.elf
File opened for reading  /proc/772/cmdline      boatnet.arm7.elf
File opened for reading  /proc/809/cmdline      boatnet.arm7.elf
File opened for reading  /proc/673/cmdline      boatnet.arm7.elf
File opened for reading  /proc/724/cmdline      boatnet.arm7.elf
File opened for reading  /proc/811/cmdline      boatnet.arm7.elf
File opened for reading  /proc/799/cmdline      boatnet.arm7.elf
File opened for reading  /proc/671/cmdline      boatnet.arm7.elf
File opened for reading  /proc/677/cmdline      boatnet.arm7.elf
File opened for reading  /proc/680/cmdline      boatnet.arm7.elf
File opened for reading  /proc/749/cmdline      boatnet.arm7.elf
File opened for reading  /proc/795/cmdline      boatnet.arm7.elf
File opened for reading  /proc/672/cmdline      boatnet.arm7.elf
File opened for reading  /proc/758/cmdline      boatnet.arm7.elf
File opened for reading  /proc/784/cmdline      boatnet.arm7.elf
File opened for reading  /proc/791/cmdline      boatnet.arm7.elf
File opened for reading  /proc/805/cmdline      boatnet.arm7.elf
File opened for reading  /proc/441/cmdline      boatnet.arm7.elf
File opened for reading  /proc/488/cmdline      boatnet.arm7.elf
File opened for reading  /proc/710/cmdline      boatnet.arm7.elf
File opened for reading  /proc/751/cmdline      boatnet.arm7.elf
File opened for reading  /proc/801/cmdline      boatnet.arm7.elf

Writes file to system bin folder (2 IoCs)

Description                   IoC                    Process
File opened for modification  /sbin/watchdog         boatnet.arm7.elf
File opened for modification  /bin/watchdog          boatnet.arm7.elf