Analysis

  • max time kernel
    137s
  • max time network
    145s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags

    arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    04/07/2023, 19:12

General

  • Target

    35210x000080000x000257ecm.dmp

  • Size

    74KB

  • MD5

    4e8ea59f062dd48e3864398c39708c52

  • SHA1

    5a59a14ec24d36e72b12e4fcd08e9616ff8966ec

  • SHA256

    b61593538a121096e60333c5bb812a81a24211e744317dd6d1e4c957bc03cd96

  • SHA512

    9c9a982b1d30449896a54743c28f455484119f3fdd5df01f234d8409b6e8416207215d1bafba4bfd3469011c16a0ec0b600b1b906e2cd05235379676bfa60514

  • SSDEEP

    1536:o2n8ohyqAcyjlEmQ3Y8FagaCByQm6UBlM+iNGJDD03TqO:aohdAcnmqhFagaCByQJNCDD0DqO

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Changes its process name (1 IoC)
  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/35210x000080000x000257ecm.dmp
    • Changes its process name
    • Writes file to tmp directory
    PID: 351

Network


Downloads

  • /tmp/tempIW5A4y

    Filesize

    74KB

    MD5

    4e8ea59f062dd48e3864398c39708c52

    SHA1

    5a59a14ec24d36e72b12e4fcd08e9616ff8966ec

    SHA256

    b61593538a121096e60333c5bb812a81a24211e744317dd6d1e4c957bc03cd96

    SHA512

    9c9a982b1d30449896a54743c28f455484119f3fdd5df01f234d8409b6e8416207215d1bafba4bfd3469011c16a0ec0b600b1b906e2cd05235379676bfa60514