mirai | 674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337dd

Analysis

max time kernel
5s
max time network
122s
platform
debian-9_mips
resource
debian9-mipsbe-20230831-en
resource tags

arch:mipsimage:debian9-mipsbe-20230831-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
15-10-2023 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337ddelf_JC.elf
Size

28KB
MD5

1ae26d4273ba1b7645b3ea5a3174e60c
SHA1

e0689e490ab94ecf0d61778980ea7614fbd76657
SHA256

674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337dd
SHA512

2d9adad1fa23d0ac8981f6fbdbe622834c93d6f1e0c24dcc945f51e2be4c403a4bc25c674f2d743b040905aeab48f3b5a3190607ef59b347b30c2403e057942b
SSDEEP

768:5FqhCAkWQ04Blne1p1FZQwnm+l8RFBHZJgGlzDpbuR1J9:5shzk/rUdQwnm+l83BHLVJuP

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery

T1049

description	ioc	Process
File opened for reading	/proc/net/tcp	NEAS.674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337ddelf_JC.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/tcp	NEAS.674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337ddelf_JC.elf

/tmp/NEAS.674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337ddelf_JC.elf
/tmp/NEAS.674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337ddelf_JC.elf
1⤵
- Enumerates active TCP sockets
- Reads system network configuration
PID:326

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads