mirai | 6e18f754e765212ff2ffa648393dad5be0ee29c592aa56e968c2304c6207b07c

Analysis

max time kernel
2s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
02-06-2023 01:37

Target

ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400.elf
Size

37KB
MD5

57247cab87467839480c61af4a10619e
SHA1

688c00538f18723079f97e409b96adf2d8d95421
SHA256

ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400
SHA512

fa3852c5703a9372648a666d6d6c2aaeb311beef31b7ecbb157e16bb3240dc5510b5f8b5dd962bbb1e7f9f13f421286aab526a815f7a0791613412808be2e247
SSDEEP

768:ICt8xQyKEXdvcsU2fPmwY4gLMh310IJ4XZbO6xHxq3UIQe:IGSzJsvb41h31HGYuHeR

Score

10^/10

Family

mirai

Botnet

UNSTABLE

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400.elf

description ioc process

File opened for reading /proc/self/exe ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400.elf

description	ioc	process
File opened for reading	/proc/self/exe	ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400.elf

/tmp/ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400.elf
/tmp/ec70b32205000e1c2c85356e6f008c5a6efb862c71884c081e55c1477dcac400.elf
1⤵
- Reads runtime system information
PID:360