mirai | bd50f68cf4a6b19f5ea8d41a30ec8c6ed3717927f514ac4c1e52fe4705e72829 | Triage

Analysis

max time kernel
2s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
28-08-2023 00:49

Sharing

Report Analysis Logs

General

Target

cad0000d8ff0335882f7f9b6e2c4f6db.elf
Size

32KB
MD5

cad0000d8ff0335882f7f9b6e2c4f6db
SHA1

13bae3e8b8ed1c324c7f9660a29b1752605046e9
SHA256

bd50f68cf4a6b19f5ea8d41a30ec8c6ed3717927f514ac4c1e52fe4705e72829
SHA512

c8b518aee4c60f71b531d0756057432089c2d8ec7e848d3537d82b99f11a9d86ebadd762670e8572bc7778f4bc5bf673c5a206bd8b9477a2ef98b4268b5ff9a7
SSDEEP

768:8oiWiO031vpAPbrVWZK3XVGxm9XqI9q3UEL5Iv:8orm1vpALgUJqxLU

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

cad0000d8ff0335882f7f9b6e2c4f6db.elf

description ioc process

File opened for reading /proc/self/exe cad0000d8ff0335882f7f9b6e2c4f6db.elf

/tmp/cad0000d8ff0335882f7f9b6e2c4f6db.elf
/tmp/cad0000d8ff0335882f7f9b6e2c4f6db.elf
1⤵
- Reads runtime system information
PID:351

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/351-1-0x00008000-0x0002db18-memory.dmp

Download