Analysis
max time kernel: 149s
max time network: 128s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 30/01/2025, 17:07
Behavioral task: behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu1804-amd64-20240611-en
6 signatures
150 seconds
General
Target: boatnet.x86.elf
Size: 28KB
MD5: b0d3229f1698a805854772b92d0b3f3e
SHA1: aaa6354f53cbc3a7a79766f404c0f1f0713bad1b
SHA256: 9181ed6ba0e60d238ca26e6fe6f012962b75dba73f671dc0ac16586532b0a452
SHA512: de5ae7e323c76c640eda56dd69811802e49d843fc889aeaa0ccf3b1d1ea10605ece81b7255189d6bdcd506e1ad3aa2ecf34b467c54576a56670b42b3c2ef1615
SSDEEP: 768:77cy4FzrJClwhYcPVdK2KkdKWWGza3anhv2DN1:PV+JCmh7/hvGMaqnhv2Db
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
- Mirai family
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  IoCs:
    File opened for modification: /dev/watchdog
    File opened for modification: /dev/misc/watchdog
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder (2 IoCs)
  IoCs:
    File opened for modification: /sbin/watchdog
    File opened for modification: /bin/watchdog