Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    linux_mipsel
  • resource
    debian9-mipsel-en-20211208
  • resource tags

    arch:mipsel image:debian9-mipsel-en-20211208 kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
  • submitted
    10/07/2023, 07:01

General

  • Target

    shindempsl.elf

  • Size

    42KB

  • MD5

    47dc17a6e3fbdee136118d046294a2d8

  • SHA1

    d620a50badb18cfc66d9b696ae4f5e036964114d

  • SHA256

    108678473c529d1785c5f0ea37a4b466126dc99486bdd88f0924247f4e23e36b

  • SHA512

    9a0956df41e315e0895d0d0c5017e3116f666c19507481e724112af6363ba369ccbc758c7ca7a14ab546a629224234744b2fa3fb6f92a7e3a9f757cb0b82388c

  • SSDEEP

    768:FfWj7FKoPftaq84kAQ8IOjyjbNaZ+MmWFM8Eg7JzBrofaWMA:NCpKoPFa59a1jyj8yoxLnrofB

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/shindempsl.elf
    /tmp/shindempsl.elf
    • Changes its process name
    • Reads runtime system information
    PID:331

Network

        MITRE ATT&CK Enterprise v6
