mirai | a4b7bd3134f753485f38a91f1ee72813a9b6d725b23d754c8ceb6037dab08db7 | Triage

Analysis

max time kernel
2s
max time network
134s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
03-06-2023 08:00

Sharing

Report Analysis Logs

General

Target

x86.elf
Size

33KB
MD5

e5f9ee335539479315555576ea61ef53
SHA1

12690fe32975678f1ecf68c20f4149ab05d8caa2
SHA256

a4b7bd3134f753485f38a91f1ee72813a9b6d725b23d754c8ceb6037dab08db7
SHA512

83d190a372649450b05667a31546c42e79d04161c8b7a82060d4816cd6bdaf70299e25c5ae1151e27b25fed8c30e3e608f8dd6c887af7e7762302d43ae6dcb0f
SSDEEP

768:0MFkCsAUD+bO5bhsrKuYlgbfSKFnWCmlqdsq9+nGd0nbcuyD7U4/2c:tkrDV5GKlONhmlcsRnU0nouy8Pc

Score

10^/10

mirai yakuza botnet

Malware Config

Extracted

Family

mirai

Botnet

YAKUZA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Deletes itself 1 IoCs

Processes:

x86.elf

pid process

604 x86.elf
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

x86.elf

description ioc process

File opened for reading /proc/self/exe x86.elf

/tmp/x86.elf
/tmp/x86.elf
1⤵
- Deletes itself
- Reads runtime system information
PID:604

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/604-1-0x0000000008048000-0x000000000805b780-memory.dmp

Download