Overview

overview

10

Static

static

7

wshindex86.elf

ubuntu-18.04-amd64

10

Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    29-05-2023 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wshindex86.elf

  • Size

    20KB

  • MD5

    2d6ac6edb29b75b147e376ad7221a217

  • SHA1

    df02c1022825c3d3d567381c805e9067658b1623

  • SHA256

    d0a19b4a570d11010ee08acf68c399d490d31c423f94ff64019b3bef8cf3a5c9

  • SHA512

    7b666853b243a73a93f5f0c04da34bb93a87fc8527ebd343510b8e2fc40d1d065c4eb5ecb8e64e6412d125159533e2f618ac3930b607e4b09aa0e5d6716a5024

  • SSDEEP

    384:M7jgtZ3KwNS5pY62iOYtJjSBuc+VOFj3zZp+ZKlRYx2WVS499dGKHi:r7k5pYXMtFcQOFvCol+x29VKHi

Score
10/10
miraiunstablebotnet

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

fluu.badworldgama.xyz

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/wshindex86.elf
    /tmp/wshindex86.elf
    1⤵
    • Changes its process name
    • Reads runtime system information
    PID:614

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/614-1-0x0000000008048000-0x0000000008055a20-memory.dmp

    Download