Analysis
max time kernel: 152s
max time network: 154s
platform: debian-9_armhf
resource: debian9-armhf-20231215-en
resource tags: arch:armhf image:debian9-armhf-20231215-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 19-12-2023 23:05
General
Target: 43edfaeb5aaf5b0f88c5e1af03e4f2e0
Size: 29KB
MD5: 43edfaeb5aaf5b0f88c5e1af03e4f2e0
SHA1: e6eb1dbcb54565d71d0edf4f362c9a708762dc70
SHA256: 88540b90064aaee7b073dab7323e466060c6b582d08273fe3a9c7d69a63b4b8d
SHA512: f640a3e27f18b94982a0cdc2c17dc857278494856cb5028062b1778064dbabd53408fd14c50464b74db25792d2618d14dce72095533bb2e55f1f8d0ea184d924
SSDEEP: 768:MsUBacyByf/2KXyaeeDpV6JxY3BGEbOorjt2ls3Uozj:MsA/20yalvRBGEb51Pzj
Malware Config
Extracted
mirai
UNST
Signatures

Contacts a large (20582) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                     ioc
File opened for modification    /dev/watchdog
File opened for modification    /dev/misc/watchdog

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description                     ioc
File opened for reading         /proc/net/tcp

Enumerates running processes
Discovers information about currently running processes on the system.

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description                     ioc
File opened for reading         /proc/net/tcp

Reads runtime system information (59 IoCs)
Reads data from /proc virtual filesystem.