Analysis
max time kernel: 149s
max time network: 133s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 18-02-2025 05:43
Behavioral task: behavioral1
Sample: boatnet.x86.elf
Resource: ubuntu2204-amd64-20240611-en
6 signatures, 150 seconds
General
Target: boatnet.x86.elf
Size: 20KB
MD5: 96f3a4c996750d9f2254cc55883c2ee4
SHA1: 985d2163502ffe96c88c2c578cb9205c6140947a
SHA256: 984e3565cdf897a62523a6776c16835634be7312a415d8c36c56ce14545539d7
SHA512: 6b29d2fa53cc5a912372da02c52e69fd440494cf84054adaa45d8a2d5600e514e9b0ce5a56f417de7df698de3e52e2b2800561be15b6e6e7da67bd6f5d00a7e1
SSDEEP: 384:M0sLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKL:k98o08kxofBE+ZkXaqGbp2F2TWul0c5q
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures

Mirai family

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
description: File opened for modification; ioc: /dev/watchdog
description: File opened for modification; ioc: /dev/misc/watchdog

Enumerates running processes
Discovers information about currently running processes on the system
description: File opened for reading; ioc: /proc/1195/cmdline, /proc/959/cmdline, /proc/1075/cmdline, /proc/1177/cmdline, /proc/656/cmdline, /proc/1153/cmdline, /proc/1042/cmdline, /proc/1141/cmdline, /proc/1398/cmdline, /proc/631/cmdline, /proc/1172/cmdline, /proc/1139/cmdline, /proc/1157/cmdline, /proc/1427/cmdline, /proc/404/cmdline, /proc/584/cmdline, /proc/1589/cmdline, /proc/582/cmdline, /proc/979/cmdline, /proc/446/cmdline, /proc/1012/cmdline, /proc/599/cmdline, /proc/1105/cmdline, /proc/1272/cmdline, /proc/632/cmdline, /proc/1092/cmdline, /proc/838/cmdline, /proc/868/cmdline, /proc/602/cmdline, /proc/691/cmdline, /proc/1286/cmdline, /proc/1534/cmdline, /proc/630/cmdline, /proc/767/cmdline, /proc/1329/cmdline, /proc/1478/cmdline, /proc/497/cmdline, /proc/1123/cmdline, /proc/588/cmdline, /proc/1031/cmdline, /proc/1192/cmdline, /proc/1411/cmdline, /proc/424/cmdline, /proc/644/cmdline, /proc/1051/cmdline, /proc/1155/cmdline, /proc/409/cmdline, /proc/988/cmdline, /proc/520/cmdline, /proc/1267/cmdline, /proc/1078/cmdline, /proc/1292/cmdline, /proc/1407/cmdline, /proc/1467/cmdline, /proc/1577/cmdline, /proc/745/cmdline, /proc/1036/cmdline, /proc/981/cmdline, /proc/1167/cmdline, /proc/1176/cmdline, /proc/1183/cmdline, /proc/1325/cmdline, /proc/589/cmdline, /proc/738/cmdline

Writes file to system bin folder (2 IoCs)
description: File opened for modification; ioc: /sbin/watchdog
description: File opened for modification; ioc: /bin/watchdog