Analysis

  • max time kernel
    154s
  • max time network
    157s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    20-12-2023 07:57

General

  • Target

    9188ba937c7c02f7537ebbc103efffa6

  • Size

    28KB

  • MD5

    9188ba937c7c02f7537ebbc103efffa6

  • SHA1

    9def26a31403a3bfa6d5b4466f185fd45a491d2d

  • SHA256

    8f576eca72a51fb533491b99a64f2d77d36edc7c90f8598439c7cfe4622e87ff

  • SHA512

    a1e3b712f208e7381c05b9c44e6e60b7f9852496307cc4a2220e553bd02899d86f776a9325da50a0a6072b814fed49f243528fbe03af7126c723eb3e60b4526b

  • SSDEEP

    768:pCpuAWk6DWclA4xC9lQg0uq0xm/jiggzVVMRr:gpD/OWl4xDL0xm/ezVCr

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (40953) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/9188ba937c7c02f7537ebbc103efffa6
    /tmp/9188ba937c7c02f7537ebbc103efffa6
    1⤵
      PID:1544

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1544-1-0x0000000008048000-0x0000000008057840-memory.dmp