Analysis
-
max time kernel
152s -
max time network
153s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20221111-en -
resource tags
-
submitted
08-05-2023 17:12
General
-
Target
110b9c4df6a774b547fe6261df6f7640.elf
-
Size
28KB
-
MD5
110b9c4df6a774b547fe6261df6f7640
-
SHA1
0594b221c18a6e313d636276c5d026bd5cd0f3fa
-
SHA256
86d15c6595bf8318ce2e0ca46727a8dca0c604d3114e1bbc089b8eea67c046eb
-
SHA512
d89162499cc6bf7d566781ce3216af32605b0fb8ba6ad0ceabaef4c3315b4245404f8171ee38a2d219dcb05df3db023d39e2f170a03ab35e06a6c69645ae5786
-
SSDEEP
768:LhAP7JIINnYOEzJgMoojL+xexp3e/e3RZ+dImO+o1sI:iNHNY30ouEhemhcdW1qI
Malware Config
Extracted
mirai
BOTNET
pachoisgay.3utilities.com
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (110789) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name 1 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/110b9c4df6a774b547fe6261df6f7640.elf/tmp/110b9c4df6a774b547fe6261df6f7640.elf1⤵
- Changes its process name
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/598-1-0x0000000000400000-0x0000000000510ce8-memory.dmp