Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    31/01/2025, 04:35 UTC

General

  • Target

    boatnet.arm6.elf

  • Size

    26KB

  • MD5

    48ecf19ecfd103c4d01789fcc65eb770

  • SHA1

    2f9a3400b1ceb572826333274ebdca48eb5cc3b5

  • SHA256

    599ef65bdf4e1cddb01fcd65ee8f5c40dbf14278ad8570f35a2ba0ae046faef3

  • SHA512

    347efdbb5574723d128e51158b54b5a7f4156d50a13a91ae81eb535aa98a211cec0d5c277440d8fc493635dc9f94600ccf751adbb9ffd68905eb21a9b8298d9a

  • SSDEEP

    768:Q1Wlq25RoH1nQKi1ILuwgeH0kdz09q3UELi2:LjY1ne1IqapdLT

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/boatnet.arm6.elf
    /tmp/boatnet.arm6.elf
    • Reads runtime system information
    PID:649

Network

MITRE ATT&CK Matrix
