mirai | bef17d6a9d97462bb97bb30764cbd7bbc04e48a4032cab03fbde07b86b8f8e48 | Triage

Analysis

max time kernel
1s
max time network
124s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01-06-2023 17:12

Sharing

Report Analysis Logs

General

Target

d49e672fa3f478128676b1c50f4f216e.elf
Size

26KB
MD5

d49e672fa3f478128676b1c50f4f216e
SHA1

2d1796f582a4cb5c44c41d49f0dfaf99ca451c53
SHA256

bef17d6a9d97462bb97bb30764cbd7bbc04e48a4032cab03fbde07b86b8f8e48
SHA512

b4c7cc802dede23a166cd7c2b09848a510e50a451b040c7da9bf6998bf5967db4aeb084fa80541446ec1d74ac1470aa5d336465a91c3a79409a1d930f67042ce
SSDEEP

768:eMKyhegCCMqfizjoNpd2vJdX6vwrJ9q3UELuf:NKy4qfqoeJdXWg8L2

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

d49e672fa3f478128676b1c50f4f216e.elf

description ioc process

File opened for reading /proc/self/exe d49e672fa3f478128676b1c50f4f216e.elf

/tmp/d49e672fa3f478128676b1c50f4f216e.elf
/tmp/d49e672fa3f478128676b1c50f4f216e.elf
1⤵
- Reads runtime system information
PID:367

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/367-1-0x00008000-0x000228c4-memory.dmp

Download