Analysis
-
max time kernel
154s
-
max time network
157s
-
platform
ubuntu-18.04_amd64
-
resource
ubuntu1804-amd64-20231215-en
-
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
-
submitted
20-12-2023 07:57
General
-
Target
9188ba937c7c02f7537ebbc103efffa6
-
Size
28KB
-
MD5
9188ba937c7c02f7537ebbc103efffa6
-
SHA1
9def26a31403a3bfa6d5b4466f185fd45a491d2d
-
SHA256
8f576eca72a51fb533491b99a64f2d77d36edc7c90f8598439c7cfe4622e87ff
-
SHA512
a1e3b712f208e7381c05b9c44e6e60b7f9852496307cc4a2220e553bd02899d86f776a9325da50a0a6072b814fed49f243528fbe03af7126c723eb3e60b4526b
-
SSDEEP
768:pCpuAWk6DWclA4xC9lQg0uq0xm/jiggzVVMRr:gpD/OWl4xDL0xm/ezVCr
Malware Config
Extracted
mirai
MIRAI
Signatures
-
Contacts a large number (40953) of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system; the device node is opened for writing under both of its usual paths.
description    ioc
File opened for modification    /dev/misc/watchdog
File opened for modification    /dev/watchdog
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from the /proc virtual filesystem.
description    ioc
File opened for reading    /proc/net/tcp
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses the contents of the /proc filesystem to enumerate network settings.
description    ioc
File opened for reading    /proc/net/tcp
-
Reads runtime system information 64 IoCs
Reads data from the /proc virtual filesystem.
description    ioc
File opened for reading    /proc/2005/exe
File opened for reading    /proc/279/fd
File opened for reading    /proc/346/fd
File opened for reading    /proc/1648/exe
File opened for reading    /proc/1920/exe
File opened for reading    /proc/2931/exe
File opened for reading    /proc/2935/exe
File opened for reading    /proc/341/fd
File opened for reading    /proc/1745/exe
File opened for reading    /proc/1766/exe
File opened for reading    /proc/1919/exe
File opened for reading    /proc/519/fd
File opened for reading    /proc/454/fd
File opened for reading    /proc/1687/exe
File opened for reading    /proc/1964/exe
File opened for reading    /proc/1981/exe
File opened for reading    /proc/2890/exe
File opened for reading    /proc/449/fd
File opened for reading    /proc/477/exe
File opened for reading    /proc/1554/exe
File opened for reading    /proc/1892/exe
File opened for reading    /proc/1926/exe
File opened for reading    /proc/2115/exe
File opened for reading    /proc/2186/exe
File opened for reading    /proc/2508/exe
File opened for reading    /proc/450/fd
File opened for reading    /proc/2884/exe
File opened for reading    /proc/2885/exe
File opened for reading    /proc/2904/exe
File opened for reading    /proc/3469/exe
File opened for reading    /proc/3518/exe
File opened for reading    /proc/2613/exe
File opened for reading    /proc/546/fd
File opened for reading    /proc/449/exe
File opened for reading    /proc/1765/exe
File opened for reading    /proc/2151/exe
File opened for reading    /proc/2157/exe
File opened for reading    /proc/2193/exe
File opened for reading    /proc/2498/exe
File opened for reading    /proc/438/fd
File opened for reading    /proc/1890/exe
File opened for reading    /proc/1896/exe
File opened for reading    /proc/2206/exe
File opened for reading    /proc/2895/exe
File opened for reading    /proc/3487/exe
File opened for reading    /proc/1564/exe
File opened for reading    /proc/1695/exe
File opened for reading    /proc/1902/exe
File opened for reading    /proc/2110/exe
File opened for reading    /proc/2229/exe
File opened for reading    /proc/465/exe
File opened for reading    /proc/454/exe
File opened for reading    /proc/532/exe
File opened for reading    /proc/1985/exe
File opened for reading    /proc/2230/exe
File opened for reading    /proc/2889/exe
File opened for reading    /proc/2903/exe
File opened for reading    /proc/3464/exe
File opened for reading    /proc/444/fd
File opened for reading    /proc/1616/exe
File opened for reading    /proc/2224/exe
File opened for reading    /proc/421/exe
File opened for reading    /proc/2012/exe
File opened for reading    /proc/2499/exe
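The three /proc signatures above (reading /proc/net/tcp, then /proc/<pid>/fd and /proc/<pid>/exe for many pids) together with the watchdog signature describe one walk of procfs: decode the listening sockets from /proc/net/tcp, find which process owns each socket inode by reading the symlinks under /proc/<pid>/fd, and read /proc/<pid>/exe to learn what that process is. The same walk is how a responder inventories listeners and open device handles on a suspect box. The script below is an added example written for this report, not code from the sample or from the sandbox; the /proc/net/tcp excerpt, the fake /proc tree it builds under a temporary directory, and the choice of ports 22, 23 and 80 as the ones a Mirai-style "killer" would look for are all constructed assumptions, so it runs offline and without root.

```python
"""Walk the /proc artefacts the report lists: /proc/net/tcp, /proc/<pid>/fd,
/proc/<pid>/exe and open handles on /dev/watchdog.  Added example: the
/proc/net/tcp excerpt, the fake /proc tree and TARGET_PORTS are constructed."""
import os
import re
import socket
import struct
import tempfile
from collections import namedtuple

# Constructed /proc/net/tcp excerpt (not captured from the sandbox run).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18354 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21006 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 22417 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:D6C4 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 25503 1 0000000000000000 20 4 30 10 -1
"""
TCP_STATES = {1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1", 5: "FIN_WAIT2",
              6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT", 9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING"}
TARGET_PORTS = {22, 23, 80}  # assumed: ports a Mirai-style "killer" hunts for
TcpEntry = namedtuple("TcpEntry", "local_ip local_port remote_ip remote_port state uid inode")

def _endpoint(field):
    # '0100007F:0050' -> ('127.0.0.1', 80): the address is a host-order u32 in hex,
    # so on little-endian CPUs the bytes must be reversed before formatting.
    addr_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].endswith(":"):
            continue  # header or truncated line
        lip, lport = _endpoint(f[1])
        rip, rport = _endpoint(f[2])
        entries.append(TcpEntry(lip, lport, rip, rport,
                                TCP_STATES.get(int(f[3], 16), "UNKNOWN"), int(f[7]), int(f[9])))
    return entries

def scan_proc_fds(proc_root="/proc"):
    # pid -> readlink() targets of every /proc/<pid>/fd entry (this is the
    # "/proc/NNN/fd" access pattern in the report).  Processes we may not
    # inspect, or that exit mid-scan, are skipped rather than aborting the walk.
    out = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        fd_dir = os.path.join(proc_root, name, "fd")
        try:
            out[int(name)] = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue
    return out

def socket_owners(fd_map, inodes):
    # inode -> sorted pids whose fd table contains 'socket:[inode]'
    owners = {}
    for pid, targets in fd_map.items():
        for t in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", t)
            if m and int(m.group(1)) in inodes:
                owners.setdefault(int(m.group(1)), []).append(pid)
    return {k: sorted(v) for k, v in owners.items()}

def holders_of(fd_map, path):
    return sorted(pid for pid, targets in fd_map.items() if path in targets)

def exe_of(pid, proc_root="/proc"):
    try:
        return os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except OSError:
        return None  # kernel thread, or not permitted

def build_fake_proc(root):
    # Constructed /proc tree; dangling symlinks are enough for readlink().
    layout = {1234: ("/usr/sbin/telnetd", {"0": "/dev/null", "3": "socket:[18354]"}),
              1300: ("/usr/sbin/lighttpd", {"4": "socket:[22417]"}),
              4242: ("/tmp/bot", {"5": "/dev/watchdog", "6": "socket:[31337]"})}
    for pid, (exe, fds) in layout.items():
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        os.symlink(exe, os.path.join(root, str(pid), "exe"))
        for fd, target in fds.items():
            os.symlink(target, os.path.join(fd_dir, fd))
    os.makedirs(os.path.join(root, "self"))  # non-numeric entry, must be skipped

def run_demo():
    entries = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    wanted = {e.inode for e in entries if e.state == "LISTEN" and e.local_port in TARGET_PORTS}
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root)
        fd_map = scan_proc_fds(root)
        owners = socket_owners(fd_map, wanted)
        victims = {pid: exe_of(pid, root) for pids in owners.values() for pid in pids}
        return {"entries": entries, "owners": owners, "victims": victims,
                "watchdog_holders": holders_of(fd_map, "/dev/watchdog")}

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Point scan_proc_fds and exe_of at the real /proc (the defaults) to run it on a live host; reading another user's /proc/<pid>/fd needs root, which is why the walk tolerates OSError per process. Two caveats for the watchdog side: holders_of only finds a process that still has /dev/watchdog open, so code that opens the device, issues one ioctl and closes it leaves nothing to find, and the sandbox's "opened for modification" trace is the durable evidence; on a sane host nothing but a watchdog daemon should ever open /dev/watchdog or /dev/misc/watchdog for writing.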