Analysis
-
max time kernel
149s -
max time network
131s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20250307-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20250307-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
31/03/2025, 08:22
Behavioral task
behavioral1
Sample
boatnet.x86.elf
Resource
ubuntu2204-amd64-20250307-en
ubuntu-22.04-amd64
4 signatures
150 seconds
General
-
Target
boatnet.x86.elf
-
Size
48KB
-
MD5
66a7e7b795caf8d38e19791c7043c82b
-
SHA1
2fbfe5b0f172a5d83994c98f23a92361cf72acd1
-
SHA256
6bd07f04c5ade4e74d0c301818e43dd35d28fbcdc9dfe2add967d1b24b74ef64
-
SHA512
a6e9da8363f9119ddd0627c0a1c14551af23d834b2177eea33a17ec57cef066805d174222e93ec36e6f050ba89c761f49301518d6b56341488106275c95f2bc3
-
SSDEEP
1536:5wri6c/Vgf4SxadTpzcveMAGoqVyrrwQ2328:5D6c/Vgf4WWTpzcPzLVgrwzG8
Score
7/10
Malware Config
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
description ioc File opened for modification /sbin/watchdog File opened for modification /bin/watchdog -
description ioc File opened for reading /proc/1303/cmdline File opened for reading /proc/1440/cmdline File opened for reading /proc/582/cmdline File opened for reading /proc/887/cmdline File opened for reading /proc/930/cmdline File opened for reading /proc/1560/cmdline File opened for reading /proc/404/cmdline File opened for reading /proc/606/cmdline File opened for reading /proc/739/cmdline File opened for reading /proc/754/cmdline File opened for reading /proc/765/cmdline File opened for reading /proc/1046/cmdline File opened for reading /proc/1164/cmdline File opened for reading /proc/407/cmdline File opened for reading /proc/588/cmdline File opened for reading /proc/929/cmdline File opened for reading /proc/1083/cmdline File opened for reading /proc/1169/cmdline File opened for reading /proc/1209/cmdline File opened for reading /proc/523/cmdline File opened for reading /proc/673/cmdline File opened for reading /proc/732/cmdline File opened for reading /proc/756/cmdline File opened for reading /proc/1031/cmdline File opened for reading /proc/1076/cmdline File opened for reading /proc/1138/cmdline File opened for reading /proc/1151/cmdline File opened for reading /proc/589/cmdline File opened for reading /proc/1026/cmdline File opened for reading /proc/1054/cmdline File opened for reading /proc/1101/cmdline File opened for reading /proc/1163/cmdline File opened for reading /proc/1277/cmdline File opened for reading /proc/500/cmdline File opened for reading /proc/602/cmdline File opened for reading /proc/1037/cmdline File opened for reading /proc/1155/cmdline File opened for reading /proc/1166/cmdline File opened for reading /proc/1189/cmdline File opened for reading /proc/1348/cmdline File opened for reading /proc/1555/cmdline File opened for reading /proc/599/cmdline File opened for reading /proc/634/cmdline File opened for reading /proc/779/cmdline File opened for reading /proc/786/cmdline File opened for reading /proc/1105/cmdline File opened for reading /proc/1191/cmdline File opened for reading /proc/1374/cmdline File opened for reading /proc/499/cmdline File opened for reading /proc/770/cmdline File opened for reading /proc/784/cmdline File opened for reading /proc/1149/cmdline File opened for reading /proc/1299/cmdline File opened for reading /proc/1311/cmdline File opened for reading /proc/1326/cmdline File opened for reading /proc/1364/cmdline File opened for reading /proc/631/cmdline File opened for reading /proc/632/cmdline File opened for reading /proc/771/cmdline File opened for reading /proc/1060/cmdline File opened for reading /proc/1093/cmdline File opened for reading /proc/1125/cmdline File opened for reading /proc/1275/cmdline File opened for reading /proc/413/cmdline