mirai | 01bbcb06a7d7ba63fe4c033d64810e1902bec307a38f2de6061d01db2c496782

Analysis

max time kernel
151s
max time network
141s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01-06-2023 20:20

Target

fdb6c7e2fb8f98d24dc4780d72edc4d6.elf
Size

136KB
MD5

fdb6c7e2fb8f98d24dc4780d72edc4d6
SHA1

2c0f896eec00941b134b6ad439a9c6eb35a148d0
SHA256

01bbcb06a7d7ba63fe4c033d64810e1902bec307a38f2de6061d01db2c496782
SHA512

62c237dd87aa9a0b624cd2ab3becdbf4827bc21e585bda12b0db1081a0c02f1a4c305ccfbac65de40436c3a8064950cdf381b976d35aa1eedac7328f3906ce20
SSDEEP

3072:FZj667iPsazSqZow3NQn1hDvpCeGYlM/9JtaasucM:FZj6V0azSqZh3N2VCeGqM/9LPpB

Score

10^/10

mirai mirai botnet

Family

mirai

Botnet

MIRAI

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Changes its process name 1 IoCs

Processes:

fdb6c7e2fb8f98d24dc4780d72edc4d6.elf

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a 367 fdb6c7e2fb8f98d24dc4780d72edc4d6.elf
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

fdb6c7e2fb8f98d24dc4780d72edc4d6.elf

description ioc process

File opened for modification /tmp/tempcOyVM1 fdb6c7e2fb8f98d24dc4780d72edc4d6.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	367	fdb6c7e2fb8f98d24dc4780d72edc4d6.elf

description	ioc	process
File opened for modification	/tmp/tempcOyVM1	fdb6c7e2fb8f98d24dc4780d72edc4d6.elf

/tmp/tempcOyVM1

Filesize
136KB

MD5
fdb6c7e2fb8f98d24dc4780d72edc4d6

SHA1
2c0f896eec00941b134b6ad439a9c6eb35a148d0

SHA256
01bbcb06a7d7ba63fe4c033d64810e1902bec307a38f2de6061d01db2c496782

SHA512
62c237dd87aa9a0b624cd2ab3becdbf4827bc21e585bda12b0db1081a0c02f1a4c305ccfbac65de40436c3a8064950cdf381b976d35aa1eedac7328f3906ce20

Download Submit