mirai | 3000394baf05440426ceab7b18f203fb6fb8d98b1ee14def09f87560ea8ea9ba | Triage

Analysis

max time kernel
1s
max time network
124s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
14-05-2023 02:46

Sharing

Report Analysis Logs

General

Target

b8ac8ba6f1028d57de25b5f623d1aba1.elf
Size

26KB
MD5

b8ac8ba6f1028d57de25b5f623d1aba1
SHA1

72102d929594f9226765399632b79c2d26779fb3
SHA256

3000394baf05440426ceab7b18f203fb6fb8d98b1ee14def09f87560ea8ea9ba
SHA512

5778044cdf14a43f55e9025cedbba4e2be81009dc197ae45cfff0f502052cc7e019ff0fb9468eea03a676712bc70f86b142b0b419f1bbdf9f8710b9acab65bb5
SSDEEP

768:eMKyhegCCMqfizjoNpd2vJdX6vwrW9q3UELuM:NKy4qfqoeJdXWg7LJ

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

b8ac8ba6f1028d57de25b5f623d1aba1.elf

description ioc process

File opened for reading /proc/self/exe b8ac8ba6f1028d57de25b5f623d1aba1.elf

/tmp/b8ac8ba6f1028d57de25b5f623d1aba1.elf
/tmp/b8ac8ba6f1028d57de25b5f623d1aba1.elf
1⤵
- Reads runtime system information
PID:355

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/355-1-0x00008000-0x000228c4-memory.dmp

Download