Analysis
-
max time kernel
149s -
max time network
129s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2204-amd64-20240611-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system -
submitted
06-01-2025 05:32
Behavioral task
behavioral1
Sample
boatnet.x86.elf
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
6 signatures
150 seconds
General
-
Target
boatnet.x86.elf
-
Size
20KB
-
MD5
d6f2f15fe45673a21c635ec3a86bbaf6
-
SHA1
74ceb72c30d72e97a0facc54eab3baba032cd0b4
-
SHA256
17fea6cb5eba6979e47e6d180651a28c514e2efda73976cd93d37721e64cafde
-
SHA512
a2893490c4571bffb4668042247bd2b046e6ba3f57d66f6c1d2e64623e4bbb2276fcc5d0924e3ee50cea8bcc237cfed60ac5e4ec7ffd27af6b699fc3b3097479
-
SSDEEP
384:Mg4Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTD:M98o08kxofBE+ZkXaITbp2F2TWul0c5P
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                   ioc                 Process
File opened for modification  /dev/watchdog       boatnet.x86.elf
File opened for modification  /dev/misc/watchdog  boatnet.x86.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
description                   ioc             Process
File opened for modification  /sbin/watchdog  boatnet.x86.elf
File opened for modification  /bin/watchdog   boatnet.x86.elf
-