mirai | 02d1dec3ad0a898f62d38394daf7f18f1e3e24a9fdd4316dbdb364eb4219f3b5 | Triage

Analysis

max time kernel
2s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29-04-2023 08:01

Sharing

Report Analysis Logs

General

Target

594e2673df6d3aeba07e1e9fd9a77067.elf
Size

24KB
MD5

594e2673df6d3aeba07e1e9fd9a77067
SHA1

43435ae1a12c967f1ec49e9c8268ecbc52336a16
SHA256

02d1dec3ad0a898f62d38394daf7f18f1e3e24a9fdd4316dbdb364eb4219f3b5
SHA512

8cb8f77862c2bfe5ba6dcb3d80bf0c00ee2c52e99fa898ef932ee1ce004de31f34e33dca5896bdfeac0452cc4f6eafbda46ed5be3a0812588a72cc2486fcc1f2
SSDEEP

768:ygwef9WsJK3sdw/9IRhyYNvv4zhBd6Uo9q3UELaF:yFeVWdyw/9IRhyDd6sLc

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

594e2673df6d3aeba07e1e9fd9a77067.elf

description ioc process

File opened for reading /proc/self/exe 594e2673df6d3aeba07e1e9fd9a77067.elf

/tmp/594e2673df6d3aeba07e1e9fd9a77067.elf
/tmp/594e2673df6d3aeba07e1e9fd9a77067.elf
1⤵
- Reads runtime system information
PID:359

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/359-1-0x00008000-0x00027738-memory.dmp

Download