mirai | ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400

Analysis

max time kernel
1s
max time network
127s
platform
debian-9_armhf
resource
debian9-armhf-20221125-en
resource tags

arch:armhfimage:debian9-armhf-20221125-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
31-05-2023 14:30

Target

SecuriteInfo.com.Trojan.Linux.Mirai.1.21505.14553.elf
Size

37KB
MD5

57247cab87467839480c61af4a10619e
SHA1

688c00538f18723079f97e409b96adf2d8d95421
SHA256

ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400
SHA512

fa3852c5703a9372648a666d6d6c2aaeb311beef31b7ecbb157e16bb3240dc5510b5f8b5dd962bbb1e7f9f13f421286aab526a815f7a0791613412808be2e247
SSDEEP

768:ICt8xQyKEXdvcsU2fPmwY4gLMh310IJ4XZbO6xHxq3UIQe:IGSzJsvb41h31HGYuHeR

Score

10^/10

Family

mirai

Botnet

UNSTABLE

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

SecuriteInfo.com.Trojan.Linux.Mirai.1.21505.14553.elf

description ioc process

File opened for reading /proc/self/exe SecuriteInfo.com.Trojan.Linux.Mirai.1.21505.14553.elf

description	ioc	process
File opened for reading	/proc/self/exe	SecuriteInfo.com.Trojan.Linux.Mirai.1.21505.14553.elf

/tmp/SecuriteInfo.com.Trojan.Linux.Mirai.1.21505.14553.elf
/tmp/SecuriteInfo.com.Trojan.Linux.Mirai.1.21505.14553.elf
1⤵
- Reads runtime system information
PID:356