Analysis
-
max time kernel
152s -
max time network
155s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
-
submitted
19/12/2023, 22:55
General
-
Target
33b14bb31f049abf4d141a9883e27b99
-
Size
31KB
-
MD5
33b14bb31f049abf4d141a9883e27b99
-
SHA1
e64b251cf68e64dbb7f57fed4339d33396f98ad2
-
SHA256
189df058b8e3f6ba1e7d06042eb70974c1dbca54ecb402c8a7f63c55da6b8f2a
-
SHA512
416efe8d491e84cc5b07261ce103cdcb9da77e61490294540b3d071f0ddb1d83327db36d86d1b4ffcb0cd34e1cd30d9de5305912800c81caaec450992374a62c
-
SSDEEP
768:4TkLsny9QEgYkVgqlRRAxrLLqJL6I50jqEWZr3UM:4T3E9A3mN/kLQjqpT
Malware Config
Extracted
mirai
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (22871) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 31 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/33b14bb31f049abf4d141a9883e27b99/tmp/33b14bb31f049abf4d141a9883e27b991⤵
- Modifies Watchdog functionality
- Reads runtime system information