Analysis
max time kernel: 149s
max time network: 133s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 12-01-2025 14:35
Behavioral task: behavioral1
Sample: boatnet.x86_64.elf
Resource: ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
6 signatures
150 seconds
General
Target: boatnet.x86_64.elf
Size: 31KB
MD5: 709b104e746f24f3b18f7a1118c18bf0
SHA1: c1735eb637560a097d7a451601bb9ca2e8706e21
SHA256: abbd8780d40c95322f51410e0c77e22f3cb85a1e820ce62c604d3237c24089f1
SHA512: 25d982fa5382a5ca8ad6820bb4021763c25bbe8ebc414043ade122529c0b1adcc10cd8fe6caa0b5ad5a4b97d9cfc80d0a15338e7422b2604dc2ecab88fcbba34
SSDEEP: 768:VA8sF/Ttf+pZlilsM68XATG5Th53qZSlOWmKJix07x:GjiiBzXjT53ISpmvOx
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
Mirai family
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | process
File opened for modification | /dev/misc/watchdog | boatnet.x86_64.elf
File opened for modification | /dev/watchdog | boatnet.x86_64.elf
Enumerates running processes
Discovers information about currently running processes on the system
Writes file to system bin folder (2 IoCs)
description | ioc | process
File opened for modification | /sbin/watchdog | boatnet.x86_64.elf
File opened for modification | /bin/watchdog | boatnet.x86_64.elf