Analysis

  • max time kernel
    149s
  • max time network
    16s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    31/03/2025, 08:22

General

  • Target

    boatnet.arm.elf

  • Size

    56KB

  • MD5

    65aabc3a3cc4964dc92f541cfdba140e

  • SHA1

    5be2b4005e07af1da2d3da65eb8af56d1f68b2df

  • SHA256

    602a80e51058610e9331fb3dbfd38019de6900909d4922288ee95ba543569cf1

  • SHA512

    834f96cc779cc3342685c4a047efe403562183af37068cc8a2ffa0af56c152f6420f37d91e4826e393d6fde1b3ddd55c0b678408d082941c49e0295a123aa162

  • SSDEEP

    768:kwocGsPISyQH0trL3qCPhpGH0aE+ZQStAwpd2GLienQO9/3P1mA2EDEy0eYjW9Ti:McG9L3Z5pGmWRAwd2Uiac8Uz1O8

Malware Config

Signatures

  • Modifies Watchdog functionality (1 TTPs, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder (2 IoCs)
  • Reads runtime system information (30 IoCs)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/boatnet.arm.elf
    /tmp/boatnet.arm.elf
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:656

Network

MITRE ATT&CK Enterprise v15
