mirai | 68e6fdf53d29d3e30169a0c87e4102e5f96a84b957e436e3dc9001e1928a82e3

Analysis

max time kernel
146s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20221125-en
resource tags

arch:armhfimage:debian9-armhf-20221125-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/06/2023, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35cad1eb36c8e59a5a2a53abfe7c4c7b.elf
Size

41KB
MD5

35cad1eb36c8e59a5a2a53abfe7c4c7b
SHA1

d33eb9f405354eba1b4cb7ef68d72840e5740555
SHA256

68e6fdf53d29d3e30169a0c87e4102e5f96a84b957e436e3dc9001e1928a82e3
SHA512

407813e89d985354976f65e5bdbc3d6fe57e3db3b61c048272fbf7de014a138a3f7e7bb811296553d772c0fefc07339c828e77bf95c575741d30405b55b6e7c8
SSDEEP

768:X8Ga3IWV8ELJV+/UvmtvyU8dSyVq3UInh0WBKypAR673/J:XoaEl+UvwadSyynh0WBKC73x

Score

10^/10

mirai botnet

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	360	35cad1eb36c8e59a5a2a53abfe7c4c7b.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	35cad1eb36c8e59a5a2a53abfe7c4c7b.elf
File opened for reading	/proc/6/cmdline	Process not Found
File opened for reading	/proc/24/cmdline	Process not Found
File opened for reading	/proc/283/cmdline	Process not Found
File opened for reading	/proc/42/cmdline	Process not Found
File opened for reading	/proc/392/cmdline	Process not Found
File opened for reading	/proc/3/cmdline	Process not Found
File opened for reading	/proc/21/cmdline	Process not Found
File opened for reading	/proc/235/cmdline	Process not Found
File opened for reading	/proc/371/cmdline	Process not Found
File opened for reading	/proc/388/cmdline	Process not Found
File opened for reading	/proc/11/cmdline	Process not Found
File opened for reading	/proc/19/cmdline	Process not Found
File opened for reading	/proc/28/cmdline	Process not Found
File opened for reading	/proc/43/cmdline	Process not Found
File opened for reading	/proc/5/cmdline	Process not Found
File opened for reading	/proc/9/cmdline	Process not Found
File opened for reading	/proc/22/cmdline	Process not Found
File opened for reading	/proc/27/cmdline	Process not Found
File opened for reading	/proc/236/cmdline	Process not Found
File opened for reading	/proc/306/cmdline	Process not Found
File opened for reading	/proc/363/cmdline	Process not Found
File opened for reading	/proc/8/cmdline	Process not Found
File opened for reading	/proc/105/cmdline	Process not Found
File opened for reading	/proc/380/cmdline	Process not Found
File opened for reading	/proc/142/cmdline	Process not Found
File opened for reading	/proc/309/cmdline	Process not Found
File opened for reading	/proc/318/cmdline	Process not Found
File opened for reading	/proc/359/cmdline	Process not Found
File opened for reading	/proc/376/cmdline	Process not Found
File opened for reading	/proc/15/cmdline	Process not Found
File opened for reading	/proc/10/cmdline	Process not Found
File opened for reading	/proc/18/cmdline	Process not Found
File opened for reading	/proc/20/cmdline	Process not Found
File opened for reading	/proc/215/cmdline	Process not Found
File opened for reading	/proc/307/cmdline	Process not Found
File opened for reading	/proc/384/cmdline	Process not Found
File opened for reading	/proc/386/cmdline	Process not Found
File opened for reading	/proc/13/cmdline	Process not Found
File opened for reading	/proc/17/cmdline	Process not Found
File opened for reading	/proc/26/cmdline	Process not Found
File opened for reading	/proc/134/cmdline	Process not Found
File opened for reading	/proc/137/cmdline	Process not Found
File opened for reading	/proc/232/cmdline	Process not Found
File opened for reading	/proc/355/cmdline	Process not Found
File opened for reading	/proc/25/cmdline	Process not Found
File opened for reading	/proc/382/cmdline	Process not Found
File opened for reading	/proc/390/cmdline	Process not Found
File opened for reading	/proc/458/cmdline	Process not Found
File opened for reading	/proc/108/cmdline	Process not Found
File opened for reading	/proc/162/cmdline	Process not Found
File opened for reading	/proc/368/cmdline	Process not Found
File opened for reading	/proc/451/cmdline	Process not Found
File opened for reading	/proc/455/cmdline	Process not Found
File opened for reading	/proc/497/cmdline	Process not Found
File opened for reading	/proc/2/cmdline	Process not Found
File opened for reading	/proc/284/cmdline	Process not Found
File opened for reading	/proc/358/cmdline	Process not Found
File opened for reading	/proc/378/cmdline	Process not Found
File opened for reading	/proc/14/cmdline	Process not Found
File opened for reading	/proc/41/cmdline	Process not Found
File opened for reading	/proc/76/cmdline	Process not Found
File opened for reading	/proc/107/cmdline	Process not Found
File opened for reading	/proc/356/cmdline	Process not Found

/tmp/35cad1eb36c8e59a5a2a53abfe7c4c7b.elf
/tmp/35cad1eb36c8e59a5a2a53abfe7c4c7b.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:360

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads