Analysis
-
max time kernel
149s -
max time network
129s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240522.1-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2204-amd64-20240522.1-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system -
submitted
11-02-2025 19:15
Behavioral task
behavioral1
Sample
boatnet.x86.elf
Resource
ubuntu2204-amd64-20240522.1-en
6 signatures
150 seconds
General
-
Target
boatnet.x86.elf
-
Size
20KB
-
MD5
7e29b4ee778321251b9dc2491c0e2074
-
SHA1
e91f0b22d144c48e05c74be3c8fca8621a8b1718
-
SHA256
b0b4ca0000bf0d9c0d05b1ca0369dad3db6da085b04852ec8195d723531df5d0
-
SHA512
db17142d4f2cfe6bc47e78912cdf16a4b7e4fe57c50d3a694e47bf098d332acf17f4db1fb23bdccc259e2acdb8b9236b6983bddeca6e25bef6d4c8f6437fba23
-
SSDEEP
384:MzLp4JY8IN33qYN+OsLYhx0kHpFqy2iublAUo3lSy/:iedINH3N+9LYT0h7AUU/
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc
File opened for modification /dev/watchdog
File opened for modification /dev/misc/watchdog
-
Enumerates running processes
Discovers information about currently running processes on the system
description ioc
File opened for reading /proc/711/cmdline
File opened for reading /proc/1183/cmdline
File opened for reading /proc/1298/cmdline
File opened for reading /proc/1391/cmdline
File opened for reading /proc/589/cmdline
File opened for reading /proc/1116/cmdline
File opened for reading /proc/1176/cmdline
File opened for reading /proc/1359/cmdline
File opened for reading /proc/1450/cmdline
File opened for reading /proc/634/cmdline
File opened for reading /proc/654/cmdline
File opened for reading /proc/585/cmdline
File opened for reading /proc/639/cmdline
File opened for reading /proc/1037/cmdline
File opened for reading /proc/1404/cmdline
File opened for reading /proc/524/cmdline
File opened for reading /proc/740/cmdline
File opened for reading /proc/773/cmdline
File opened for reading /proc/1198/cmdline
File opened for reading /proc/415/cmdline
File opened for reading /proc/971/cmdline
File opened for reading /proc/1103/cmdline
File opened for reading /proc/1141/cmdline
File opened for reading /proc/1154/cmdline
File opened for reading /proc/1186/cmdline
File opened for reading /proc/416/cmdline
File opened for reading /proc/1043/cmdline
File opened for reading /proc/1191/cmdline
File opened for reading /proc/1493/cmdline
File opened for reading /proc/1125/cmdline
File opened for reading /proc/990/cmdline
File opened for reading /proc/1189/cmdline
File opened for reading /proc/502/cmdline
File opened for reading /proc/843/cmdline
File opened for reading /proc/667/cmdline
File opened for reading /proc/612/cmdline
File opened for reading /proc/750/cmdline
File opened for reading /proc/763/cmdline
File opened for reading /proc/1214/cmdline
File opened for reading /proc/1219/cmdline
File opened for reading /proc/410/cmdline
File opened for reading /proc/1415/cmdline
File opened for reading /proc/751/cmdline
File opened for reading /proc/1070/cmdline
File opened for reading /proc/1529/cmdline
File opened for reading /proc/782/cmdline
File opened for reading /proc/699/cmdline
File opened for reading /proc/731/cmdline
File opened for reading /proc/1055/cmdline
File opened for reading /proc/1217/cmdline
File opened for reading /proc/1312/cmdline
File opened for reading /proc/1412/cmdline
File opened for reading /proc/1541/cmdline
File opened for reading /proc/588/cmdline
File opened for reading /proc/1570/cmdline
File opened for reading /proc/1073/cmdline
File opened for reading /proc/1177/cmdline
File opened for reading /proc/850/cmdline
File opened for reading /proc/983/cmdline
File opened for reading /proc/1232/cmdline
File opened for reading /proc/501/cmdline
File opened for reading /proc/1159/cmdline
File opened for reading /proc/1032/cmdline
File opened for reading /proc/413/cmdline
-
Writes file to system bin folder 2 IoCs
description ioc
File opened for modification /sbin/watchdog
File opened for modification /bin/watchdog