mirai | 352124941c6104f42710220c77fadf3057ae1236e6c6ad0fe8a01539688122e0 | Triage

Analysis

max time kernel
140s
max time network
141s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
01-06-2023 20:46

Sharing

Report Analysis Logs

General

Target

x86
Size

45KB
MD5

b33c9cf1c20dfb96139aa8039865f610
SHA1

33ca5a074491910a42e458dbba2579f5e531b029
SHA256

352124941c6104f42710220c77fadf3057ae1236e6c6ad0fe8a01539688122e0
SHA512

d22e92e0520a5aad362c78fcb89c4b12cc99d54e5a050bb0ee01ba0f8ef06d5f1293348749937b216b744754dee0bb0cfb8e5fe2fa566945c84db74740a13f88
SSDEEP

768:tmPgErQwYqbcwLAixtn1GZHG3ph/QEA1+Ay3t6y9I8FESnIv1UD:tigErQwVQwR7GZm5NA1+dd6y9NESnM1U

Score

10^/10

mirai botnet

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Changes its process name 1 IoCs

Processes:

x86

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a 585 x86
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

x86

description ioc process

File opened for modification /tmp/tempOU1p5z x86

/tmp/x86
/tmp/x86
1⤵
- Changes its process name
- Writes file to tmp directory
PID:585

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/tempOU1p5z

Filesize
45KB

MD5
b33c9cf1c20dfb96139aa8039865f610

SHA1
33ca5a074491910a42e458dbba2579f5e531b029

SHA256
352124941c6104f42710220c77fadf3057ae1236e6c6ad0fe8a01539688122e0

SHA512
d22e92e0520a5aad362c78fcb89c4b12cc99d54e5a050bb0ee01ba0f8ef06d5f1293348749937b216b744754dee0bb0cfb8e5fe2fa566945c84db74740a13f88

Download Submit