Analysis
max time kernel: 149s
max time network: 128s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 29-01-2025 23:47

Behavioral task: behavioral1
Sample: boatnet.x86_64.elf
Resource: ubuntu1804-amd64-20240611-en
6 signatures
150 seconds
General
Target: boatnet.x86_64.elf
Size: 31KB
MD5: 3121b7d8112e6bbf273e7279ecb10d76
SHA1: 3d0698e163561c151067b22a272d7e301494ebd2
SHA256: ca058bb3d20578aedbae2fc4a4dab479e96cac00d6e879eacf30dbf0c9bc08ed
SHA512: b82d6e0d502f07c89bc5ccdc6741481a8a65b4658ce6b26d88b56724e43f2477b37fcea66e3b7f5a5f62cfd5a4d22533de1d48afa1a00b4fe381c505894776cd
SSDEEP: 768:LAGs1DDudwSC64ADv1pI0eijRiStR4p3UedT9ix07h:QjSJ9Bu05jRiSn4p3UedYOh
Score: 10/10
Malware Config (extracted)
Family: mirai
Botnet: LZRD
Signatures

- Mirai family

- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description                   ioc                  Process
  File opened for modification  /dev/watchdog        boatnet.x86_64.elf
  File opened for modification  /dev/misc/watchdog   boatnet.x86_64.elf

- Enumerates running processes
  Discovers information about currently running processes on the system
  description              ioc                  Process
  File opened for reading  /proc/<pid>/cmdline  boatnet.x86_64.elf
  Observed for the following pids: 438, 971, 1168, 1615, 501, 535, 552, 569, 930, 969, 1206, 1092, 1160, 440, 1082, 1334, 424, 744, 1315, 1579, 1597, 420, 734, 1202, 1279, 1358, 1496, 1139, 1143, 1151, 1292, 534, 1085, 1179, 1516, 1535, 496, 689, 1055, 1174, 499, 587, 1585, 662, 686, 1204, 1205, 1561, 506, 432, 684, 1188, 1567, 1185, 1212, 1193, 1115, 682, 1164, 1331, 1591, 1242, 1372, 1147

- Writes file to system bin folder (2 IoCs)
  description                   ioc              Process
  File opened for modification  /sbin/watchdog   boatnet.x86_64.elf
  File opened for modification  /bin/watchdog    boatnet.x86_64.elf