Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    03-02-2025 08:36

General

  • Target

    boatnet.arm7.elf

  • Size

    45KB

  • MD5

    ea27d43ec482afe88ef5e372ef0a37a8

  • SHA1

    a6ca468fdb37f3261acca06e3bf2de7a493eeb9f

  • SHA256

    fae6874d70bab432d1a05cbe54574ca04eb0b244e3b815eeaf881871da477dde

  • SHA512

    c394e1551852571ec91ccfe19e1aa2d26db38eb0bd47b129526a5c82a66d13303dd58d5796f68f794ba9507178352689a8ba93be3d5bb4449ce559008187f354

  • SSDEEP

    768:O/TYCoIxdEk+AxoTZAZHFeq8b3e49q3UELai76ZMJ+vdRCjeg5jwnxHmXPQ:OECFd+A6YHAxehLaq0MJ+zg5EnxH4Y

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 12 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/boatnet.arm7.elf
    /tmp/boatnet.arm7.elf
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:708

Network

MITRE ATT&CK Enterprise v15
