Analysis
max time kernel: 149s
max time network: 132s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240508-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240508-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 25-12-2024 15:42

Behavioral task: behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu2004-amd64-20240508-en (ubuntu-20.04-amd64)
Signatures: 6
Run time: 150 seconds
General
Target: boatnet.x86.elf
Size: 20KB
MD5: 83f32c8c232e9a047bb44e64ad73124e
SHA1: d68475b31c4c1b9eff42876633446c3629214f5c
SHA256: 4f033b47f5ab517ce7414cfbe15ec995a097e6189fbaf7a271e6d276fadcda23
SHA512: ddb6d1fc06b14f5a389afb8bd8bbea7d55ec5ee46531e169f0da15f1481ccc2fc2c99a6539a4756f8bcb750c83d75400e273029b8967fd4576f320f5697cc12f
SSDEEP: 384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTv:x98o08kxofBE+ZkXaITbp2F2TWul0c5L
Score: 10/10
Malware Config (extracted)
Family: mirai
Botnet: LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

description                    ioc                    Process
File opened for modification   /dev/watchdog          boatnet.x86.elf
File opened for modification   /dev/misc/watchdog     boatnet.x86.elf
Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder (2 IoCs)

description                    ioc                    Process
File opened for modification   /sbin/watchdog         boatnet.x86.elf
File opened for modification   /bin/watchdog          boatnet.x86.elf
IoCs for "Enumerates running processes":

description                ioc                      Process
File opened for reading    /proc/522/cmdline        boatnet.x86.elf
File opened for reading    /proc/806/cmdline        boatnet.x86.elf
File opened for reading    /proc/676/cmdline        boatnet.x86.elf
File opened for reading    /proc/871/cmdline        boatnet.x86.elf
File opened for reading    /proc/1078/cmdline       boatnet.x86.elf
File opened for reading    /proc/579/cmdline        boatnet.x86.elf
File opened for reading    /proc/670/cmdline        boatnet.x86.elf
File opened for reading    /proc/1083/cmdline       boatnet.x86.elf
File opened for reading    /proc/692/cmdline        boatnet.x86.elf
File opened for reading    /proc/1084/cmdline       boatnet.x86.elf
File opened for reading    /proc/1101/cmdline       boatnet.x86.elf
File opened for reading    /proc/443/cmdline        boatnet.x86.elf
File opened for reading    /proc/451/cmdline        boatnet.x86.elf
File opened for reading    /proc/486/cmdline        boatnet.x86.elf
File opened for reading    /proc/539/cmdline        boatnet.x86.elf
File opened for reading    /proc/617/cmdline        boatnet.x86.elf
File opened for reading    /proc/1127/cmdline       boatnet.x86.elf
File opened for reading    /proc/1343/cmdline       boatnet.x86.elf
File opened for reading    /proc/1445/cmdline       boatnet.x86.elf
File opened for reading    /proc/457/cmdline        boatnet.x86.elf
File opened for reading    /proc/696/cmdline        boatnet.x86.elf
File opened for reading    /proc/803/cmdline        boatnet.x86.elf
File opened for reading    /proc/1038/cmdline       boatnet.x86.elf
File opened for reading    /proc/1095/cmdline       boatnet.x86.elf
File opened for reading    /proc/444/cmdline        boatnet.x86.elf
File opened for reading    /proc/498/cmdline        boatnet.x86.elf
File opened for reading    /proc/537/cmdline        boatnet.x86.elf
File opened for reading    /proc/986/cmdline        boatnet.x86.elf
File opened for reading    /proc/1122/cmdline       boatnet.x86.elf
File opened for reading    /proc/1130/cmdline       boatnet.x86.elf
File opened for reading    /proc/781/cmdline        boatnet.x86.elf
File opened for reading    /proc/996/cmdline        boatnet.x86.elf
File opened for reading    /proc/1046/cmdline       boatnet.x86.elf
File opened for reading    /proc/1050/cmdline       boatnet.x86.elf
File opened for reading    /proc/1091/cmdline       boatnet.x86.elf
File opened for reading    /proc/1149/cmdline       boatnet.x86.elf
File opened for reading    /proc/812/cmdline        boatnet.x86.elf
File opened for reading    /proc/1028/cmdline       boatnet.x86.elf
File opened for reading    /proc/1042/cmdline       boatnet.x86.elf
File opened for reading    /proc/1069/cmdline       boatnet.x86.elf
File opened for reading    /proc/1110/cmdline       boatnet.x86.elf
File opened for reading    /proc/642/cmdline        boatnet.x86.elf
File opened for reading    /proc/891/cmdline        boatnet.x86.elf
File opened for reading    /proc/977/cmdline        boatnet.x86.elf
File opened for reading    /proc/446/cmdline        boatnet.x86.elf
File opened for reading    /proc/491/cmdline        boatnet.x86.elf
File opened for reading    /proc/503/cmdline        boatnet.x86.elf
File opened for reading    /proc/508/cmdline        boatnet.x86.elf
File opened for reading    /proc/583/cmdline        boatnet.x86.elf
File opened for reading    /proc/1033/cmdline       boatnet.x86.elf
File opened for reading    /proc/1079/cmdline       boatnet.x86.elf
File opened for reading    /proc/1120/cmdline       boatnet.x86.elf
File opened for reading    /proc/1265/cmdline       boatnet.x86.elf
File opened for reading    /proc/1116/cmdline       boatnet.x86.elf
File opened for reading    /proc/1214/cmdline       boatnet.x86.elf
File opened for reading    /proc/1403/cmdline       boatnet.x86.elf
File opened for reading    /proc/483/cmdline        boatnet.x86.elf
File opened for reading    /proc/589/cmdline        boatnet.x86.elf
File opened for reading    /proc/924/cmdline        boatnet.x86.elf
File opened for reading    /proc/1080/cmdline       boatnet.x86.elf
File opened for reading    /proc/1102/cmdline       boatnet.x86.elf
File opened for reading    /proc/1466/cmdline       boatnet.x86.elf
File opened for reading    /proc/796/cmdline        boatnet.x86.elf
File opened for reading    /proc/858/cmdline        boatnet.x86.elf