Analysis
max time kernel: 152s
max time network: 160s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231026-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231026-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 19-11-2023 23:33
General
Target: f8680bc952009a4e7145291292d9f28d245a5658de76f9f8fe4308b8fe176f63.elf
Size: 37KB
MD5: f0f2f7efe0f5c8f302fa9b87e3078d27
SHA1: 7bc19719ff3d9c80ad9646a8ec759cc80fb74559
SHA256: f8680bc952009a4e7145291292d9f28d245a5658de76f9f8fe4308b8fe176f63
SHA512: 8dca7f814f21013fc10bbafbfbd11d181633ea5e761b79b7a490f3bf948a1e9c0cd2de6c8f901a3eb784655dddb98c3c95ee757675f7fb6e0ba1ffd56981158c
SSDEEP: 768:BzDhRyZfTb+/zH8nK46wGcjtLza4dtOBjB4RnQWoYxbbyzPkwhcPkvJNTO:BhRYWHz2Gkm4POB2RQWfbezPVuPkxtO
Malware Config
Extracted
Family: mirai
Botnet: KYTON
Signatures
-
Contacts a large number (104854) of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.
-
Changes its process name (1 IoCs)
description                                                      pid   Process
Changes the process name, possibly in an attempt to hide itself  1536  f8680bc952009a4e7145291292d9f28d245a5658de76f9f8fe4308b8fe176f63.elf
-
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai disables the hardware watchdog (typically by opening /dev/watchdog or /dev/misc/watchdog for writing and issuing a disable ioctl) so that the watchdog timer does not reboot the infected system while the bot runs.
description                   ioc
File opened for modification  /dev/watchdog
File opened for modification  /dev/misc/watchdog
-
Writes file to system bin folder (1 TTPs, 1 IoCs)
description                   ioc
File opened for modification  /bin/watchdog
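The signatures above are sandbox heuristics; the following is an added example (not part of this report, the sandbox, or the Mirai source) that rebuilds them as detection checks a defender could run against their own telemetry. Two independent functions are shown: scan_suspects() implements the "large number of remote hosts / network flows" heuristic over connection records (source, destination, port, whether the peer answered), and host_signatures() looks for the three host IoCs (watchdog opened for writing and WDIOC_SETOPTIONS issued on it, prctl(PR_SET_NAME), a write under a system bin directory) in a strace-style syscall log. The ioctl constants come from linux/watchdog.h; the thresholds, the record formats and all sample data are constructed assumptions, not values taken from this sample.

```python
"""Detection checks for the Mirai behaviours listed in the sandbox report.

Added example; not the report's or Mirai's code.  All inputs are constructed.
"""
import re
from collections import defaultdict

# From linux/watchdog.h: WDIOC_SETOPTIONS = _IOR('W', 4, int) = 0x80045704,
# WDIOS_DISABLECARD = 0x0001.  Mirai issues this pair to switch the watchdog off.
WDIOC_SETOPTIONS = 0x80045704
WDIOS_DISABLECARD = 0x0001
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/misc/watchdog"}
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
WRITE_FLAGS = {"O_WRONLY", "O_RDWR"}

# ---- network side: the "many remote hosts / many flows" heuristic ---------

def scan_suspects(flows, min_hosts=1000, max_replied_ratio=0.05):
    """flows: iterable of (src_ip, dst_ip, dst_port, replied) tuples.
    Returns {src_ip: (distinct_hosts, distinct_ports, replied_ratio)} for each
    source that touched >= min_hosts distinct hosts while at most
    max_replied_ratio of its flows got an answer: the shape of a telnet/SSH
    sweep (many hosts, few ports, almost all half-open).  Thresholds are
    assumptions to tune per network."""
    hosts, ports = defaultdict(set), defaultdict(set)
    total, replied = defaultdict(int), defaultdict(int)
    for src, dst, dport, ok in flows:
        hosts[src].add(dst)
        ports[src].add(dport)
        total[src] += 1
        replied[src] += bool(ok)
    out = {}
    for src in hosts:
        ratio = replied[src] / total[src]
        if len(hosts[src]) >= min_hosts and ratio <= max_replied_ratio:
            out[src] = (len(hosts[src]), len(ports[src]), round(ratio, 3))
    return out

def build_sample_flows(n_scan=5000):
    """Constructed sample: one bot sweeping n_scan distinct hosts on 23/2323
    with 1% answering, plus a workstation talking normally to 30 servers."""
    flows = [("192.168.1.50", f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}",
              23 if i % 2 else 2323, i % 100 == 0) for i in range(n_scan)]
    flows += [("192.168.1.20", f"172.16.0.{i}", 443, True) for i in range(30)]
    return flows

# ---- host side: watchdog, process rename, write under /bin -----------------

# One syscall per line, "<pid> <name>(<args>) = <ret>", constructed to look
# like `strace -f` output; it was not captured from the sample.
SAMPLE_TRACE = """\
1536 prctl(PR_SET_NAME, "jwxzv") = 0
1536 openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3
1536 ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0
1536 close(3) = 0
1536 openat(AT_FDCWD, "/dev/misc/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
1536 openat(AT_FDCWD, "/bin/watchdog", O_WRONLY|O_CREAT|O_TRUNC, 0777) = 4
1536 openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY) = 5
"""
SYSCALL_RE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s*=\s*(-?\d+|\?)')
PATH_RE = re.compile(r'"([^"]*)"')

def host_signatures(trace):
    """Return {signature: [evidence, ...]} for the report's three host IoCs.
    fd -> path is tracked per pid so the ioctl is tied to the device it hit."""
    fds, hits = {}, defaultdict(list)
    for line in trace.splitlines():
        m = SYSCALL_RE.match(line)
        if not m:
            continue
        pid, name, args, ret = m.groups()
        if name in ("open", "openat"):
            path = PATH_RE.search(args)
            if not path:
                continue
            path, flags = path.group(1), set(re.findall(r'O_[A-Z_]+', args))
            if ret != "?" and int(ret) >= 0:
                fds[(pid, ret)] = path
            if path in WATCHDOG_DEVICES and flags & WRITE_FLAGS:      # attempt counts, like the report
                hits["Modifies Watchdog functionality"].append(f"{pid}: {path} opened {'|'.join(sorted(flags))}")
            if path.startswith(SYSTEM_BIN_DIRS) and flags & WRITE_FLAGS:
                hits["Writes file to system bin folder"].append(f"{pid}: {path}")
        elif name == "ioctl":
            parts = [a.strip() for a in args.split(",")]
            if len(parts) < 2:
                continue
            path = fds.get((pid, parts[0]))
            req = parts[1]
            is_setopts = req == "WDIOC_SETOPTIONS" or (req.startswith("0x") and int(req, 16) == WDIOC_SETOPTIONS)
            if path in WATCHDOG_DEVICES and is_setopts:
                opt = parts[2] if len(parts) > 2 else ""
                disabled = "WDIOS_DISABLECARD" in opt or opt.strip("[]") == str(WDIOS_DISABLECARD)
                hits["Modifies Watchdog functionality"].append(
                    f"{pid}: WDIOC_SETOPTIONS on {path}" + (" with WDIOS_DISABLECARD" if disabled else ""))
        elif name == "prctl" and args.startswith("PR_SET_NAME"):
            hits["Changes its process name"].append(f"{pid}: prctl({args})")
        elif name == "close":
            fds.pop((pid, args.strip()), None)
    return dict(hits)

if __name__ == "__main__":
    print(scan_suspects(build_sample_flows()))
    for sig, ev in host_signatures(SAMPLE_TRACE).items():
        print(sig, ev, sep="\n  ")
```

The watchdog check deliberately fires on the open attempt alone (the report's IoC for /dev/misc/watchdog is a failed open on this image) and escalates when a WDIOC_SETOPTIONS follows on the same descriptor; a legitimate watchdog daemon writes keepalives to the device but has no reason to disable the card from a freshly dropped binary.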