Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    18-12-2024 19:26

General

  • Target

    boatnet.arm7.elf

  • Size

    49KB

  • MD5

    955617fe56f45b3adbf7529b8389140c

  • SHA1

    03e368a7fcbaf7aa2a1960911d33add9183b55ee

  • SHA256

    23ad6c20fffdfb510e1d57a0bcbd65b3b9529dbb59c4735a6f85b1b269f64e60

  • SHA512

    313d46328d11456ea5ecb64855840811ec0d27b910c9971929777882d0c5d55b7752a6f6ae3141f83fc36c97e0e75accf56e1a6aa0367f58a9a2b4e4b646d807

  • SSDEEP

    768:n6nIgWF0qHYc7MzM6t77QrQqvFUQDJ9q3UELYuOinU0GG2E9fzjGjD:n6v+rHYc7WMM7sUqL8LYP0GGDGjD

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/boatnet.arm7.elf
    /tmp/boatnet.arm7.elf
    1⤵
    • Reads runtime system information
    PID:666

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads