Analysis
-
max time kernel
152s -
max time network
153s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20221111-en -
resource tags
-
submitted
10-05-2023 01:06
General
-
Target
21ba496a638eb57aeea8b90331f9913b7d92e223a97668a5e991be3910291e9f.elf
-
Size
27KB
-
MD5
11ac9d0f74690af6d613a7fd92001642
-
SHA1
b7d6b315a213655b32826bf512967bed8071a82c
-
SHA256
21ba496a638eb57aeea8b90331f9913b7d92e223a97668a5e991be3910291e9f
-
SHA512
cb2629bb621fa9da1234da07fa94309292224ab2d197daac4a9383e36fe759733757e5f8e84387b0f26ece2f54f382c6b6dbe307309a9a3067f621d1a992c271
-
SSDEEP
768:726A29MSaInDSzLWikmJR5rT0iRnKG1bEtl:C6n9DczJ/0iRndbE/
Malware Config
Extracted
mirai
BOTNET
pachoisgay.3utilities.com
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (110024) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name 1 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/21ba496a638eb57aeea8b90331f9913b7d92e223a97668a5e991be3910291e9f.elf/tmp/21ba496a638eb57aeea8b90331f9913b7d92e223a97668a5e991be3910291e9f.elf1⤵
- Changes its process name
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/621-1-0x0000000008048000-0x00000000080587a0-memory.dmp