Analysis

Max time kernel: 149s
Max time network: 128s
Platform: ubuntu-22.04_amd64
Resource: ubuntu2204-amd64-20240729-en
Resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
Submitted: 28-12-2024 21:07
Behavioral task: behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu2204-amd64-20240729-en (ubuntu-22.04-amd64)
6 signatures, 150 seconds
General

Target: boatnet.x86.elf
Size: 20KB
MD5: 6966d935987bf8c8909342956b9ae498
SHA1: d6e8a87206817a4049d6ab5bad8a854573d32c0b
SHA256: 5380e594a625c7d1e26f29a2bed5014705294e244d213a02dc0b61183b9c7a8f
SHA512: c115e6d6b0485c4490640441f9b527844a487f0a465bf596bd871c6afe41542c5bc873f550aec18fd01ee72593f4a2583bb40b9e5fea392d9bb1930914e1cbae
SSDEEP: 384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oT3:x98o08kxofBE+ZkXaITbp2F2TWul0c5b
Score: 10/10
Malware Config (extracted)

Family: mirai
Botnet: LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai opens the hardware watchdog device with write access and changes its settings so that the watchdog timer cannot restart an infected system; once the watchdog is neutralised, a device that hangs or whose legitimate watchdog daemon has been killed is not rebooted, and the infection survives.
  description                    ioc                  process
  File opened for modification   /dev/watchdog        boatnet.x86.elf
  File opened for modification   /dev/misc/watchdog   boatnet.x86.elf

Enumerates running processes (64 IoCs)
Discovers information about currently running processes on the system by reading /proc/<pid>/cmdline for each process it finds.
  description               ioc                   process
  File opened for reading   /proc/<pid>/cmdline   boatnet.x86.elf
  for pid in: 408, 414, 451, 588, 592, 593, 608, 612, 613, 634, 636, 648, 664, 688, 690, 723, 736, 743, 762, 764, 774, 795, 797, 840, 844, 931, 968, 980, 1009, 1033, 1038, 1053, 1074, 1082, 1084, 1099, 1107, 1111, 1124, 1131, 1155, 1156, 1157, 1158, 1159, 1162, 1164, 1172, 1174, 1176, 1189, 1195, 1237, 1238, 1242, 1255, 1283, 1303, 1308, 1311, 1376, 1503, 1565, 1568

Writes file to system bin folder (2 IoCs)
Both IoCs are open() calls with write access on the watchdog daemon's usual binary paths; the report records the open attempt, not the content of any write.
  description                    ioc              process
  File opened for modification   /bin/watchdog    boatnet.x86.elf
  File opened for modification   /sbin/watchdog   boatnet.x86.elf
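The three behavioural signatures above are derived from file and ioctl activity, so the same IoCs can be re-checked on a syscall trace captured outside the sandbox. The script below is an added example and is not part of the sandbox report or of the sample: it parses strace-style openat/ioctl lines and reports watchdog opens for write, the WDIOC_SETOPTIONS/WDIOS_DISABLECARD ioctl that actually stops the watchdog timer, write-opens under /bin and /sbin, and mass reads of /proc/<pid>/cmdline. The trace it runs on is constructed (the pid 1402, the fd numbers and the ENOENT results are made up; the cmdline pid list is taken from the report), the enumeration threshold is an assumed cut-off, and the ioctl constants are the real Linux values for x86 and ARM.

```python
"""Added example, not part of the sandbox report: re-derive the report's
behavioural signatures (watchdog tampering, /proc enumeration, write-opens
under /bin and /sbin) from a constructed strace-style trace."""
import re
from collections import defaultdict

WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
# _IOR('W', 4, int) on x86 and ARM; MIPS and PowerPC encode the direction bits
# differently, so use the value for the sample's architecture (linux/watchdog.h).
WDIOC_SETOPTIONS = 0x80045704
WDIOS_DISABLECARD = 1
WRITE_FLAGS = {"O_WRONLY", "O_RDWR"}
PROC_ENUM_THRESHOLD = 20  # distinct /proc/<pid>/cmdline reads; assumed cut-off

# strace-style "<pid> syscall(args) = ret" lines; only openat and ioctl matter here.
OPEN_RE = re.compile(r'^(?P<pid>\d+)\s+openat\(AT_FDCWD,\s*"(?P<path>[^"]+)",\s*'
                     r'(?P<flags>[A-Z_|]+)[^)]*\)\s*=\s*(?P<ret>-?\d+)')
IOCTL_RE = re.compile(r'^(?P<pid>\d+)\s+ioctl\((?P<fd>\d+),\s*(?P<req>\S+),\s*'
                      r'(?P<arg>[^)]*)\)\s*=\s*(?P<ret>-?\d+)')
CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")

# PIDs whose cmdline the report shows the sample reading (copied from the report).
REPORT_PIDS = [408, 414, 451, 588, 592, 593, 608, 612, 613, 634, 636, 648, 664, 688,
               690, 723, 736, 743, 762, 764, 774, 795, 797, 840, 844, 931, 968, 980,
               1009, 1033, 1038, 1053, 1074, 1082, 1084, 1099, 1107, 1111, 1124, 1131,
               1155, 1156, 1157, 1158, 1159, 1162, 1164, 1172, 1174, 1176, 1189, 1195,
               1237, 1238, 1242, 1255, 1283, 1303, 1308, 1311, 1376, 1503, 1565, 1568]


def build_sample_trace() -> str:
    """Constructed trace (pid, fds and results invented) replaying the report's IoCs."""
    lines = [
        '1402 openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3',
        '1402 ioctl(3, 0x80045704, [1]) = 0',  # WDIOC_SETOPTIONS with WDIOS_DISABLECARD
        '1402 close(3) = 0',
        '1402 openat(AT_FDCWD, "/sbin/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)',
        '1402 openat(AT_FDCWD, "/bin/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)',
    ]
    for fd, pid in enumerate(REPORT_PIDS, start=4):
        lines.append(f'1402 openat(AT_FDCWD, "/proc/{pid}/cmdline", O_RDONLY|O_CLOEXEC) = {fd}')
        lines.append(f'1402 close({fd}) = 0')
    return "\n".join(lines)


def analyse_trace(trace: str) -> dict:
    """Walk the trace once; return the IoCs found and whether enumeration was seen."""
    fd_table = defaultdict(dict)  # pid -> {fd: path}, rebuilt from successful opens
    f = {"watchdog_opened_for_write": [], "watchdog_disabled": [],
         "bin_opened_for_write": [], "proc_cmdline_pids": set()}
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m:
            pid, path, ret = m["pid"], m["path"], int(m["ret"])
            flags = set(m["flags"].split("|"))
            if ret >= 0:
                fd_table[pid][ret] = path
            if path in WATCHDOG_DEVICES and flags & WRITE_FLAGS:
                f["watchdog_opened_for_write"].append(path)
            # A failed open still counts: the sandbox IoC is the attempt, not a completed write.
            if path.startswith(("/bin/", "/sbin/")) and flags & WRITE_FLAGS:
                f["bin_opened_for_write"].append(path)
            c = CMDLINE_RE.match(path)
            if c:
                f["proc_cmdline_pids"].add(int(c.group(1)))
            continue
        m = IOCTL_RE.match(line)
        if m and int(m["ret"]) == 0:
            path = fd_table[m["pid"]].get(int(m["fd"]))
            req = m["req"]
            is_setopts = req == "WDIOC_SETOPTIONS" or (
                req.startswith("0x") and int(req, 16) == WDIOC_SETOPTIONS)
            # The option word may appear as an int ("[1]") or as a flag name.
            disables = (str(WDIOS_DISABLECARD) in re.findall(r"\d+", m["arg"])
                        or "WDIOS_DISABLECARD" in m["arg"])
            if path in WATCHDOG_DEVICES and is_setopts and disables:
                f["watchdog_disabled"].append(path)
    f["proc_enumeration"] = len(f["proc_cmdline_pids"]) >= PROC_ENUM_THRESHOLD
    return f


def matched_signatures(findings: dict) -> list:
    """Map findings onto the report's signature names, using the report's own triggers."""
    sigs = []
    if findings["watchdog_opened_for_write"]:
        sigs.append("Modifies Watchdog functionality")
    if findings["proc_enumeration"]:
        sigs.append("Enumerates running processes")
    if findings["bin_opened_for_write"]:
        sigs.append("Writes file to system bin folder")
    return sigs


if __name__ == "__main__":
    found = analyse_trace(build_sample_trace())
    print(matched_signatures(found))
    print("watchdog disabled via ioctl on:", found["watchdog_disabled"],
          "| cmdline reads:", len(found["proc_cmdline_pids"]))
```

Note the caveat the split between `watchdog_opened_for_write` and `watchdog_disabled` exists for: a legitimate watchdog daemon also opens /dev/watchdog for writing (it has to, to kick the timer), so the report's "File opened for modification" IoC alone fires on benign software too. The discriminating event is the WDIOC_SETOPTIONS ioctl carrying WDIOS_DISABLECARD, which a daemon that merely issues WDIOC_KEEPALIVE never sends; on a live host the same distinction can be made with an audit watch on /dev/watchdog plus the ioctl request value.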