Overview

overview

10

Static

static

7

4ac8d3f450...99efb0

debian-9-mipsel

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20231221-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20231221-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    08-01-2024 07:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ac8d3f4507f56ebd2d4bd03ee99efb0

  • Size

    30KB

  • MD5

    4ac8d3f4507f56ebd2d4bd03ee99efb0

  • SHA1

    7bb782ac965de9d285f9f8dec64cb976ec31ab84

  • SHA256

    351938dc8579065529867abc193275df8217b5991a1eb4e11d2ad7f4120c3b84

  • SHA512

    0ce08dfbca3ec0a60dc9541e5ead97c2343f25d70a4eeb53c53bd5ff18cca0180b7b5e6e5a682a94ba5250d2ec9da80027afd41dfa7e68200576041fbb4046ef

  • SSDEEP

    768:dIzufEvBjlcRXvT4Qw8OoBL7WY6AmRYkc1AWx:deueK9vcQNrvW8CYnj

Score
10/10
mirailzrdbotnetdiscovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Contacts a large (11874) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Reads runtime system information 13 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/4ac8d3f4507f56ebd2d4bd03ee99efb0
    /tmp/4ac8d3f4507f56ebd2d4bd03ee99efb0
    1⤵
      PID:715

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/715-1-0x00400000-0x00455b88-memory.dmp

      Download