Overview

overview

10

Static

static

7

arm7.elf

debian-9-armhf

10

Analysis

  • max time kernel
    1s
  • max time network
    126s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20230831-en
  • resource tags

    arch:armhfimage:debian9-armhf-20230831-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    06/10/2023, 11:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    arm7.elf

  • Size

    50KB

  • MD5

    5c7b331aa38795a202db1a98352c342f

  • SHA1

    a2ccdc33f1ee246eb466c6ae43bce71d3c170f94

  • SHA256

    bce4f077424f31cfff3f8ec50a7c9bda802b4a0b08b27e18e69ad7c4127c32bb

  • SHA512

    b963c9a2f1f6cb0aedbc4cf80a55af99a6fe3f5a273e76cd24421f567928ed1e138768e1e72e86cc784ccce42cf424ab7e4f8f8f5e3fa3bdcd9dbe567cdc1f0b

  • SSDEEP

    1536:la8ZqK2kfJzQA3XbURnB+0J06Kz4sjHLYwKeokllDiP:lHqK2kfX3XbUpBBKz4qHLjW

Score
10/10
miraibotnetbotnet

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm7.elf
    /tmp/arm7.elf
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    • Reads runtime system information
    PID:368

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads