Analysis

max time kernel: 149s
max time network: 129s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240508-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 18-12-2024 14:32

Behavioral task: behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu1804-amd64-20240508-en (ubuntu-18.04-amd64)
6 signatures, 150 seconds
General

Target: boatnet.x86.elf
Size: 20KB
MD5: 9acf9fc63b01f4a7a5b33881073ff6a6
SHA1: cf5be79ccc477ca582c8aee42898442f8089b886
SHA256: 0a21cbd563070ce0b39665b70de81e88f4680648335e9c6cd13963e8846e7ea9
SHA512: 1dd2bd462850bdd10a2d95214d16dd358131838862a119b47ba6d70a0c894284efbf7294e24c79b0032aba41e09b8e84c372bdae073d6339e269187b8794eae5
SSDEEP: 384:Mg/Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTq:598o08kxofBE+ZkXaITbp2F2TWul0c5m
Score: 10/10
Malware Config

Extracted
Family: mirai
Botnet: LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Mirai-family bots open the hardware watchdog device and disable it so that the watchdog cannot reboot the device while the bot hangs or monopolises the CPU; a reboot would clear the memory-resident infection.

description                  | ioc                 | process
File opened for modification | /dev/watchdog       | boatnet.x86.elf
File opened for modification | /dev/misc/watchdog  | boatnet.x86.elf

Enumerates running processes (64 IoCs)
Reads the command line of other processes via /proc/<pid>/cmdline to discover what is running on the system; in this family that information feeds the routine that locates and kills competing bots and services.

description              | ioc                 | process
File opened for reading  | /proc/<pid>/cmdline | boatnet.x86.elf, for 64 PIDs: 492, 648, 1155, 1511, 490, 1099, 1369, 665, 1007, 1500, 1517, 650, 679, 950, 1258, 1215, 489, 556, 936, 1073, 407, 450, 1127, 1245, 1573, 946, 1159, 1167, 1172, 1336, 1110, 1298, 467, 470, 1045, 1069, 1141, 1505, 468, 1579, 529, 673, 929, 1283, 1567, 1492, 458, 1152, 1268, 1328, 1525, 601, 602, 1467, 1171, 1175, 1555, 1499, 486, 551, 1106, 1122, 1303, 1244

Writes file to system bin folder (2 IoCs)

description                  | ioc             | process
File opened for modification | /sbin/watchdog  | boatnet.x86.elf
File opened for modification | /bin/watchdog   | boatnet.x86.elf

Note that both paths are the conventional location of the userspace watchdog daemon, and an "opened for modification" entry records a write-mode open, not that the file's contents were changed or even that the file existed on the analysis image. Read these two IoCs together with the watchdog-device IoCs above rather than as evidence that the sample dropped a binary.
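As an added example that is not part of the sandbox report, the Python below reimplements the three behavioural checks above (watchdog tampering, writes under the system bin directories, /proc/<pid>/cmdline enumeration) over constructed event lines written in the report's own "description ioc process" shape. The boatnet.x86.elf lines copy IoCs quoted in this report and the "cat" lines are an invented benign control; the /dev/watchdog0 node, the /usr/bin and /usr/sbin prefixes and the threshold of three distinct cmdline reads are assumptions of the example, not values from the report or the sandbox's real rule set.

```python
"""Re-derive the report's three behavioural signatures from file-open events."""
import re
from collections import defaultdict

# Constructed sample in the report's "description ioc process" shape.
# The boatnet.x86.elf lines mirror IoCs from the report; the two "cat"
# lines are an invented benign process that must not be flagged.
SAMPLE_EVENTS = """\
File opened for modification /dev/watchdog boatnet.x86.elf
File opened for modification /dev/misc/watchdog boatnet.x86.elf
File opened for modification /sbin/watchdog boatnet.x86.elf
File opened for modification /bin/watchdog boatnet.x86.elf
File opened for reading /proc/492/cmdline boatnet.x86.elf
File opened for reading /proc/648/cmdline boatnet.x86.elf
File opened for reading /proc/1155/cmdline boatnet.x86.elf
File opened for reading /proc/1511/cmdline boatnet.x86.elf
File opened for reading /proc/self/cmdline cat
File opened for reading /etc/hosts cat
"""

EVENT_RE = re.compile(
    r"^File opened for (?P<mode>modification|reading) (?P<path>\S+) (?P<proc>\S+)$"
)
# /dev/watchdog0 is not in the report; added because current kernels also
# expose the device under that name (assumption of this example).
WATCHDOG_DEVICES = frozenset({"/dev/watchdog", "/dev/misc/watchdog", "/dev/watchdog0"})
# The report only shows /bin and /sbin; /usr/{bin,sbin} are an assumption.
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
# Only numeric PIDs count: /proc/self/cmdline is a process reading itself.
PROC_CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")


def parse_events(text):
    """Parse 'File opened for <mode> <path> <process>' lines; ignore the rest."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def signatures(events, proc_scan_threshold=3):
    """Return {process: sorted signature names} for the parsed events.

    proc_scan_threshold is the number of distinct foreign PIDs whose cmdline
    one process must read before it counts as enumeration; a single read is
    ordinary for tools such as ps, while the sample read 64. The value 3 is
    an assumption of this example.
    """
    wd_device = defaultdict(set)   # process -> watchdog device nodes opened for write
    bin_writes = defaultdict(set)  # process -> paths under system bin dirs opened for write
    pids_read = defaultdict(set)   # process -> foreign PIDs whose cmdline was read

    for ev in events:
        proc, path, mode = ev["proc"], ev["path"], ev["mode"]
        if mode == "modification":
            if path in WATCHDOG_DEVICES:
                wd_device[proc].add(path)
            if path.startswith(SYSTEM_BIN_DIRS):
                bin_writes[proc].add(path)
        else:
            m = PROC_CMDLINE_RE.match(path)
            if m:
                pids_read[proc].add(int(m.group(1)))

    result = defaultdict(list)
    for proc in wd_device:
        result[proc].append("Modifies Watchdog functionality")
    for proc in bin_writes:
        result[proc].append("Writes file to system bin folder")
    for proc, pids in pids_read.items():
        if len(pids) >= proc_scan_threshold:
            result[proc].append("Enumerates running processes")
    return {proc: sorted(sigs) for proc, sigs in result.items()}


def report(text=SAMPLE_EVENTS):
    """Convenience wrapper: parse then classify."""
    return signatures(parse_events(text))


if __name__ == "__main__":
    for proc, sigs in report().items():
        print(f"{proc}: {', '.join(sigs)}")
```

Run directly it prints one verdict line per flagged process; in practice the parse step is replaced by the sandbox's structured output. The threshold is what keeps a single read of another process's command line, which ps and top perform routinely, from firing the enumeration rule, and the numeric-PID regex is what keeps a process reading its own /proc/self/cmdline out of the count.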