mirai | ec4c5ab61910809c2df00c614cbd488b9321ca04a641eb0d76b55701092f67cf

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_mipsel
resource
debian9-mipsel-20221111-en
resource tags

arch:mipselimage:debian9-mipsel-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
03-06-2023 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5968f197f87fb96af6d96ac515a9b18a.elf
Size

19KB
MD5

5968f197f87fb96af6d96ac515a9b18a
SHA1

432515565c6ea2a0eecc7ccbf89338244cef8422
SHA256

ec4c5ab61910809c2df00c614cbd488b9321ca04a641eb0d76b55701092f67cf
SHA512

df769197a69609b90f1cc78d892752b9217b94acfa7f86ddd8688994d87b9a95c115ac6cf203b37e90461e478632eeef4d7a5d400191d263af40195de35bb95f
SSDEEP

384:vfFJF2MTJCRx070aNuvzTmEPpNIKTMC96AF9ZHDHV6UQfnlhKSNs9:lCMTJYxjaoziEPhTV6APz6Uyad9

Score

10^/10

mirai botnet

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Changes its process name 1 IoCs

Processes:

5968f197f87fb96af6d96ac515a9b18a.elf

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a 337 5968f197f87fb96af6d96ac515a9b18a.elf
Enumerates running processes
Discovers information about currently running processes on the system

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	337	5968f197f87fb96af6d96ac515a9b18a.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

5968f197f87fb96af6d96ac515a9b18a.elf

description	ioc
File opened for reading	/proc/80/cmdline
File opened for reading	/proc/158/cmdline
File opened for reading	/proc/266/cmdline
File opened for reading	/proc/407/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/340/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/74/cmdline
File opened for reading	/proc/106/cmdline
File opened for reading	/proc/262/cmdline
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/71/cmdline
File opened for reading	/proc/335/cmdline
File opened for reading	/proc/336/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/70/cmdline
File opened for reading	/proc/82/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/116/cmdline
File opened for reading	/proc/216/cmdline
File opened for reading	/proc/332/cmdline
File opened for reading	/proc/403/cmdline
File opened for reading	/proc/83/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/73/cmdline
File opened for reading	/proc/75/cmdline
File opened for reading	/proc/294/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/77/cmdline
File opened for reading	/proc/140/cmdline
File opened for reading	/proc/228/cmdline
File opened for reading	/proc/410/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/72/cmdline
File opened for reading	/proc/298/cmdline
File opened for reading	/proc/308/cmdline
File opened for reading	/proc/333/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/115/cmdline
File opened for reading	/proc/227/cmdline
File opened for reading	/proc/232/cmdline
File opened for reading	/proc/307/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/229/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/263/cmdline
File opened for reading	/proc/287/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/37/cmdline
File opened for reading	/proc/76/cmdline
File opened for reading	/proc/225/cmdline
File opened for reading	/proc/self/exe	5968f197f87fb96af6d96ac515a9b18a.elf

/tmp/5968f197f87fb96af6d96ac515a9b18a.elf
/tmp/5968f197f87fb96af6d96ac515a9b18a.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:337

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads