Analysis
-
max time kernel
150s -
max time network
154s -
platform
linux_mips -
resource
debian9-mipsbe-en-20211208 -
resource tags
-
submitted
30-04-2023 23:40
General
-
Target
SecuriteInfo.com.Heur.20230430233121085673530.elf
-
Size
44KB
-
MD5
ba9442a57c2bd1a80699cc3f2f521f1f
-
SHA1
0ce2f95e2c7efd238c6c09e1695f16f60880ea06
-
SHA256
0c082bbcf7f3189477db4f2ffac1e89ecb154ccd03774fa77c6eecfd0c927bd9
-
SHA512
b9e32671317453649b5de5fbd64337c06ba4469ca7e053ec4ff3b305417bd9fe170af44ccf642e99c0ca2f0c3c9938c9a90e41f613d6cd8abc86ed6409d97a7b
-
SSDEEP
768:H9cpVPp0msNbXuqmSjHvvS2+1ivSzhGlie5YQwtSiNDCYImTxV/D4NJgGlzDpbuN:HM1KiqmSjHvvS2JccsAU91PxJD4nVJuN
Malware Config
Extracted
mirai
KYTON
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (112173) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 1 IoCs
-
Changes its process name 1 IoCs
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/SecuriteInfo.com.Heur.20230430233121085673530.elf/tmp/SecuriteInfo.com.Heur.20230430233121085673530.elf1⤵
- Changes its process name
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/328-1-0x00400000-0x00463f7c-memory.dmp