Overview

overview

10

Static

static

7

6f6b877335...JC.elf

debian-9-armhf

10

Analysis

  • max time kernel
    151s
  • max time network
    126s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    21-08-2023 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f6b8773350dbb8ede63d08f9d7e3589c795deb5da4dee5c7f29d3a8b520d645_JC.elf

  • Size

    45KB

  • MD5

    f8a6b08403b1e41106868260183ecabc

  • SHA1

    db48732cac1d9170b3a53d719ef82ae576278fd9

  • SHA256

    6f6b8773350dbb8ede63d08f9d7e3589c795deb5da4dee5c7f29d3a8b520d645

  • SHA512

    d3f3bb4b81094780582e690c79432ea5acf07d44d6ef608f17b6a5461dcf23f12ef722900eaafe0798fba7c725f84051feda93475c7169f97a2c2b79dbdbeb4f

  • SSDEEP

    768:D/TYCoIxdEk+AxoTZAZHFeq8b3g9q3UELbUXfi6nVMQHI4vcGpvY:DECFd+A6YHAxpLRQZY

Score
10/10
mirailzrdbotnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 41 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/6f6b8773350dbb8ede63d08f9d7e3589c795deb5da4dee5c7f29d3a8b520d645_JC.elf
    /tmp/6f6b8773350dbb8ede63d08f9d7e3589c795deb5da4dee5c7f29d3a8b520d645_JC.elf
    1⤵
    • Reads runtime system information
    PID:423

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads