Analysis
-
max time kernel
155s -
max time network
160s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
-
submitted
26/01/2024, 14:15
General
-
Target
ac4d02757f1d3dbc1204528910484d76
-
Size
32KB
-
MD5
ac4d02757f1d3dbc1204528910484d76
-
SHA1
a6de6bd83303f41c4c6e413d216cd89af97d9316
-
SHA256
3efc0a994f39d73cfa1aad47431173a6628753fc5eed4906ad597c23682e5930
-
SHA512
724e5e166f27f91258e613a165aa862ac4e0e3542a672cd59cba77dd233d199ccbc26ecafd479a67e4a1a78293bc9af38fdce5c6272ae4712a783ea39900d8a7
-
SSDEEP
768:ar3y3AWzDZU5LS4Ucg37/LSkL4950ydRJx+MbdOo2n:3HzlUhS4UcHj50ixRhOo2n
Malware Config
Extracted
mirai
UNSTABLE
bot.pvp-rivals.com
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (148354) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/ac4d02757f1d3dbc1204528910484d76/tmp/ac4d02757f1d3dbc1204528910484d761⤵
- Changes its process name