mirai | 8bd5462306c1897218132dc562295e4cad933a9d3629a599bdc3701a1940bb1c | Triage

Analysis

max time kernel
2s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
14-05-2023 08:22

Sharing

Report Analysis Logs

General

Target

3a8c5d0fc0e1cf686c2313dd700af9c8.elf
Size

51KB
MD5

3a8c5d0fc0e1cf686c2313dd700af9c8
SHA1

aad93cdf277c1359d1646c1220cd04bcf4d8f4b0
SHA256

8bd5462306c1897218132dc562295e4cad933a9d3629a599bdc3701a1940bb1c
SHA512

5ae8a26d17c2b9c5ead552581342461c829e144f29364467486b585248980e15067e2405c5f4cb12adf9337e07e8ef9e55b88361aad5893b97b4851947783de6
SSDEEP

1536:j9O/ZMAXIxNUk05LcPqF1aBexo4opKZba:j9O/ZNKyVLGqFUFn

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

3a8c5d0fc0e1cf686c2313dd700af9c8.elf

description ioc process

File opened for reading /proc/self/exe 3a8c5d0fc0e1cf686c2313dd700af9c8.elf

/tmp/3a8c5d0fc0e1cf686c2313dd700af9c8.elf
/tmp/3a8c5d0fc0e1cf686c2313dd700af9c8.elf
1⤵
- Reads runtime system information
PID:359

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/359-1-0x00008000-0x00029794-memory.dmp

Download