Analysis
max time kernel: 144s
max time network: 150s
platform: linux_mips
resource: debian9-mipsbe-en-20211208
resource tags: arch:mips, image:debian9-mipsbe-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 03-06-2023 12:31
General
Target: SecuriteInfo.com.Heur.20230603122907337151345.elf
Size: 18KB
MD5: ba539d49d87c59a907a9f0ad5da7ab76
SHA1: 0ee8cd23854709ef8d61a8bf74cc74e97c42cae8
SHA256: ff50b92c04b970fd6680e3216ad368743b868367f5d9a37498efee9ae17e8af5
SHA512: 061d142011a3f9f77159c5e89f8ca7d7c5d77dc91049c83239a12e571111fd66d44ca741c9ddb77ed9eb5cc7e2e57c04b40a9bcdc874cfa62b8eaeb9e16aca7e
SSDEEP: 384:4Zn09mfbBweSMyrZw5pR8wDPCYZMw4qdJDWftuS0swJaiDl0:4C9mfbyeSMYaDqY7d8taswJaiy
Malware Config
Signatures
Changes its process name 1 IoCs
Processes:
SecuriteInfo.com.Heur.20230603122907337151345.elf
description: Changes the process name, possibly in an attempt to hide itself
ioc: a
pid: 329
process: SecuriteInfo.com.Heur.20230603122907337151345.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.