Analysis
-
max time kernel
150s -
max time network
145s -
platform
debian-9_armhf -
resource
debian9-armhf-20221125-en -
resource tags
-
submitted
03-06-2023 21:23
General
-
Target
aed49bccdeca28913942f2362217d11c.elf
-
Size
45KB
-
MD5
aed49bccdeca28913942f2362217d11c
-
SHA1
7b01805655ee5ec0379b2d3251b325675d72561d
-
SHA256
15749284972ee3fc0e8534905f666b27722020b49090ea08a04ea2eb46628ebb
-
SHA512
db86c7ace384d2f413e8d9e4ae28713e42d9e61de9430981926814a905dcdac0c3353bc41bc3f3d42dfb4b0e259f890902917c34963e4ad7bcbec178b38a6bd4
-
SSDEEP
768:JW2myW5zrY3m+KDOtELVpuyUEQNIM4ZktwkVlXFbkdzxll9q3UELMIk9r/e/lQMv:A7d5zrY3mVqtSEyUE0IM4Fk7Fbkdzv4x
Malware Config
Extracted
mirai
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Reads runtime system information 25 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/aed49bccdeca28913942f2362217d11c.elf/tmp/aed49bccdeca28913942f2362217d11c.elf1⤵
- Reads runtime system information