mirai | f416c61737ce01f5240ab08f22e6f87fe9b39166ed0978f42a7de66818e7c048

Analysis

max time kernel
2s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
02-05-2023 01:56

Target

68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d.elf
Size

32KB
MD5

a93bb1ce7be73859b5802acefa44e2a9
SHA1

b48593adcd6e1444d13dc1081d3a32acd0e9f422
SHA256

68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d
SHA512

bd8bb68a44c019063ca23abd13aa57d613da6b3b793750df2fa31201799abb0dbbf1e86c04b4b6b9030411c7db578f516c88b4cccc67ee9c6c0edadb6d8e3796
SSDEEP

768:1oiWiO031vpAPbrVWZK3XVGxm9XjAIi9q3UEL5In:1orm1vpALgUJHXLI

Score

10^/10

mirai sora botnet

Family

mirai

Botnet

SORA

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d.elf

description ioc process

File opened for reading /proc/self/exe 68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d.elf

description	ioc	process
File opened for reading	/proc/self/exe	68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d.elf

/tmp/68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d.elf
/tmp/68786b67f4fb907876abb4e27ce6900de2e911d429ce4419e10454e94fa5719d.elf
1⤵
- Reads runtime system information
PID:351