mirai | 68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d | Triage

Analysis

max time kernel
1s
max time network
127s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-04-2023 20:20

Sharing

Report Analysis Logs

General

Target

a93bb1ce7be73859b5802acefa44e2a9.elf
Size

32KB
MD5

a93bb1ce7be73859b5802acefa44e2a9
SHA1

b48593adcd6e1444d13dc1081d3a32acd0e9f422
SHA256

68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d
SHA512

bd8bb68a44c019063ca23abd13aa57d613da6b3b793750df2fa31201799abb0dbbf1e86c04b4b6b9030411c7db578f516c88b4cccc67ee9c6c0edadb6d8e3796
SSDEEP

768:1oiWiO031vpAPbrVWZK3XVGxm9XjAIi9q3UEL5In:1orm1vpALgUJHXLI

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

a93bb1ce7be73859b5802acefa44e2a9.elf

description ioc process

File opened for reading /proc/self/exe a93bb1ce7be73859b5802acefa44e2a9.elf

/tmp/a93bb1ce7be73859b5802acefa44e2a9.elf
/tmp/a93bb1ce7be73859b5802acefa44e2a9.elf
1⤵
- Reads runtime system information
PID:353

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/353-1-0x00008000-0x0002db18-memory.dmp

Download