Analysis
-
max time kernel
149s -
max time network
6s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
20-12-2024 22:26
Behavioral task
behavioral1
Sample
boatnet.arm6.elf
Resource
debian9-armhf-20240611-en
debian-9-armhf
6 signatures
150 seconds
General
-
Target
boatnet.arm6.elf
-
Size
27KB
-
MD5
8ff041ba09feed9a3c5e3de84ef62682
-
SHA1
944e4efff2d90d1e98cdb37d24a0e712dae21e21
-
SHA256
50a6d31700ca94be0158dc8bda60b51446c70634825143a91817713dfcd6543b
-
SHA512
210fb35b64baa4957573a57a91d6af6800db6acd1ba9a073c370d32047868e93f3899546bf2f0218d48897a35d6e82e90c5723a880b7bb7925d21cb9b64c836b
-
SSDEEP
768:mZ5DJvjb5M8CqaV9Yr67ie+8KEnpgwkChgJo2Kl9q3UELW:qNJvpvCqu9YrTePCCh+LW
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog boatnet.arm6.elf File opened for modification /dev/misc/watchdog boatnet.arm6.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
description ioc Process File opened for modification /sbin/watchdog boatnet.arm6.elf File opened for modification /bin/watchdog boatnet.arm6.elf -
description ioc Process File opened for reading /proc/767/cmdline boatnet.arm6.elf File opened for reading /proc/787/cmdline boatnet.arm6.elf File opened for reading /proc/797/cmdline boatnet.arm6.elf File opened for reading /proc/663/cmdline boatnet.arm6.elf File opened for reading /proc/703/cmdline boatnet.arm6.elf File opened for reading /proc/763/cmdline boatnet.arm6.elf File opened for reading /proc/676/cmdline boatnet.arm6.elf File opened for reading /proc/696/cmdline boatnet.arm6.elf File opened for reading /proc/728/cmdline boatnet.arm6.elf File opened for reading /proc/741/cmdline boatnet.arm6.elf File opened for reading /proc/747/cmdline boatnet.arm6.elf File opened for reading /proc/466/cmdline boatnet.arm6.elf File opened for reading /proc/621/cmdline boatnet.arm6.elf File opened for reading /proc/664/cmdline boatnet.arm6.elf File opened for reading /proc/748/cmdline boatnet.arm6.elf File opened for reading /proc/733/cmdline boatnet.arm6.elf File opened for reading /proc/782/cmdline boatnet.arm6.elf File opened for reading /proc/789/cmdline boatnet.arm6.elf File opened for reading /proc/795/cmdline boatnet.arm6.elf File opened for reading /proc/self/exe boatnet.arm6.elf File opened for reading /proc/665/cmdline boatnet.arm6.elf File opened for reading /proc/669/cmdline boatnet.arm6.elf File opened for reading /proc/722/cmdline boatnet.arm6.elf File opened for reading /proc/799/cmdline boatnet.arm6.elf File opened for reading /proc/407/cmdline boatnet.arm6.elf File opened for reading /proc/657/cmdline boatnet.arm6.elf File opened for reading /proc/803/cmdline boatnet.arm6.elf File opened for reading /proc/714/cmdline boatnet.arm6.elf File opened for reading /proc/729/cmdline boatnet.arm6.elf File opened for reading /proc/777/cmdline boatnet.arm6.elf File opened for reading /proc/785/cmdline boatnet.arm6.elf File opened for reading /proc/658/cmdline boatnet.arm6.elf File opened for reading /proc/671/cmdline boatnet.arm6.elf File opened for reading /proc/702/cmdline boatnet.arm6.elf File opened for reading /proc/793/cmdline boatnet.arm6.elf File opened for reading /proc/801/cmdline boatnet.arm6.elf File opened for reading /proc/468/cmdline boatnet.arm6.elf File opened for reading /proc/682/cmdline boatnet.arm6.elf File opened for reading /proc/791/cmdline boatnet.arm6.elf File opened for reading /proc/421/cmdline boatnet.arm6.elf File opened for reading /proc/784/cmdline boatnet.arm6.elf