Analysis
max time kernel: 149s
max time network: 129s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240522.1-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240522.1-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 05/02/2025, 00:27
Behavioral task
behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu2204-amd64-20240522.1-en
6 signatures
150 seconds
General
Target: boatnet.x86.elf
Size: 21KB
MD5: 3ce0ac1372f696c0c018b397fa864364
SHA1: 67a7c0f3d4dcc353d3b916f6b9217bdc9f70d60c
SHA256: 67fa1fdd741361dcf8166030b0f8ba08d5783626b670e6634ec2fb12787af32e
SHA512: 06f376a0e9ef40259147b92463e84a8e71a9243956a7c17d6535bf02f13f257de05ff428ab563914cdbd03a36be8ddb7ebdc6b41fdf5aac1701bfa7be40dbd9e
SSDEEP: 384:MQ9/Z90VktxqlIb1hRKK+VAJKZ8b6O4mBWkogv2h/j4xX0KxUAM/yhwTYSyq:7bGktxq2bHR8A8O4QWzCxlxa/yS0q
Score: 10/10
Malware Config (Extracted)
Family: mirai
Botnet: LZRD
Signatures
- Mirai family
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware such as Mirai opens the watchdog device node and disables it so that the hardware watchdog cannot reboot the infected device while the bot runs; on an embedded system a reboot would otherwise clear the memory-resident bot and the device would come back clean.
  description | ioc
  File opened for modification | /dev/watchdog
  File opened for modification | /dev/misc/watchdog
- Enumerates running processes
  Discovers information about currently running processes on the system, here by reading /proc/<pid>/cmdline for each live process. Note that this access pattern is also what ps and top produce, so on its own it is not a useful alert condition; it is the combination with the watchdog tampering above that is characteristic.
  description | ioc
  File opened for reading | /proc/<pid>/cmdline for pids 452, 1085, 1170, 1178, 1559, 518, 748, 1144, 1284, 416, 494, 634, 1184, 1253, 1556, 587, 588, 682, 993, 609, 992, 1066, 1106, 1434, 766, 1166, 1541, 585, 633, 638, 640, 956, 1039, 1163, 413, 735, 1389, 427, 731, 1111, 1232, 639, 1070, 1123, 1135, 1158, 1180, 1205, 408, 589, 1493, 593, 1068, 1147, 1159, 1241, 761, 1203, 1279, 1034, 1181, 1257, 664, 789
- Writes file to system bin folder (2 IoCs)
  The sandbox records an open for modification of the userland watchdog daemon paths, not a confirmed write to them; these opens sit alongside the device-node opens above and are plausibly the same watchdog-disabling routine applied to every path the bot associates with a watchdog.
  description | ioc
  File opened for modification | /sbin/watchdog
  File opened for modification | /bin/watchdog
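The signature tables above arrive as one flattened run of "File opened for ... <path>" fragments, which is awkward to feed into a SOC workflow by hand. The script below is an added triage example, not tria.ge code and not derived from the sample: it parses that flattened IoC text, buckets the hits into the three behaviours this report flags, assigns a severity that only goes high on watchdog or system-bin tampering (process enumeration alone is what ps does), and emits auditd path watches for the exact paths the sample touched. The embedded IoC strings are copied from this page (a subset of the /proc/<pid>/cmdline reads); the /etc/watchdog path comes from the public Mirai source and is not in this report; the function names and audit rule keys (watchdog_tamper, system_bin_write) are my own.

```python
"""Turn the flattened IoC text of a tria.ge signature into structured
findings and host detection rules.

Added example for this report; not tria.ge code and not the sample's code.
The *_IOCS strings are copied from this page (a subset of the /proc reads);
rule keys and function names are my own.
"""
import re

# Subset of this report's IoC text, exactly as tria.ge flattens it.
WATCHDOG_IOCS = ("File opened for modification /dev/watchdog "
                 "File opened for modification /dev/misc/watchdog")
BIN_IOCS = ("File opened for modification /sbin/watchdog "
            "File opened for modification /bin/watchdog")
PROC_IOCS = ("File opened for reading /proc/452/cmdline "
             "File opened for reading /proc/1085/cmdline "
             "File opened for reading /proc/1170/cmdline "
             "File opened for reading /proc/1178/cmdline "
             "File opened for reading /proc/1559/cmdline")

IOC_RE = re.compile(r"File opened for (modification|reading) (\S+)")
PROC_CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")

# Device nodes a Mirai-style startup routine opens to disable the hardware
# watchdog. /etc/watchdog is from the public Mirai source, not this report.
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog", "/etc/watchdog"}
# Directories where the userland watchdog daemon (and other system binaries)
# live; an open-for-write here is worth a rule regardless of the filename.
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")


def parse_iocs(text):
    """Return [(access, path), ...] from a flattened tria.ge IoC string."""
    return [(m.group(1), m.group(2)) for m in IOC_RE.finditer(text)]


def classify(iocs):
    """Bucket parsed IoCs into the three behaviours this report flags."""
    findings = {"watchdog_disable": [], "system_bin_write": [], "proc_enum_pids": []}
    for access, path in iocs:
        pid = PROC_CMDLINE_RE.match(path)
        if access == "modification" and path in WATCHDOG_DEVICES:
            findings["watchdog_disable"].append(path)
        elif access == "modification" and path.startswith(SYSTEM_BIN_DIRS):
            findings["system_bin_write"].append(path)
        elif access == "reading" and pid:
            findings["proc_enum_pids"].append(int(pid.group(1)))
    return findings


def severity(findings):
    """High only on watchdog or system-bin tampering; /proc/<pid>/cmdline
    reads are what ps and top do and are not an alert on their own."""
    if findings["watchdog_disable"] or findings["system_bin_write"]:
        return "high"
    if findings["proc_enum_pids"]:
        return "info"
    return "none"


def auditd_rules(findings):
    """Emit auditd path watches (auditctl -w <path> -p wa -k <key>) for the
    paths the sample opened for writing. Key names are my own choice."""
    rules = []
    for path in findings["watchdog_disable"]:
        rules.append(f"-w {path} -p wa -k watchdog_tamper")
    for path in findings["system_bin_write"]:
        rules.append(f"-w {path} -p wa -k system_bin_write")
    return rules


def triage_report():
    """Run the whole pipeline over the IoC text embedded from this page."""
    iocs = parse_iocs(" ".join((WATCHDOG_IOCS, BIN_IOCS, PROC_IOCS)))
    findings = classify(iocs)
    return {"findings": findings,
            "severity": severity(findings),
            "auditd": auditd_rules(findings)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage_report(), indent=2))
```

The audit rules watch the path, so /dev/watchdog only produces events on hosts where a watchdog driver has created the node; on a fleet without one, the /sbin/watchdog and /bin/watchdog watches still catch the open-for-write that this sample performs.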