mirai | 920dc3757098754ad387c1c10b2fec7250a17dd16722295a9e3fe451c4445154 | Triage

Analysis

max time kernel
137s
max time network
139s
platform
debian-9_armhf
resource
debian9-armhf-20231221-en
resource tags

arch:armhfimage:debian9-armhf-20231221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
04/02/2024, 20:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VRarm.elf
Size

65KB
MD5

605db2ce265a2886f8791ccbad575e58
SHA1

2b4c6e0283c7597f3b51603418ee7c087763c034
SHA256

920dc3757098754ad387c1c10b2fec7250a17dd16722295a9e3fe451c4445154
SHA512

f52be9a5209e17c9a6b100c8fa05fd141868d52ba025bc652bc2f60d50ebe44dc8149a8340e8760e4179a3b7c1377d7fe989a47359d49bd8dfade40200196c2f
SSDEEP

1536:6wPXmKOGnfacWlk9nBHP7Okt2rGjXD/4nv5:6wR9nxArQE5

Score

10^/10

mirai mirai botnet

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Changes its process name 2 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	666	VRarm.elf
Changes the process name, possibly in an attempt to hide itself	ad502vgan0bn7nau	666	VRarm.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/tempvxmbqA	VRarm.elf

/tmp/VRarm.elf
/tmp/VRarm.elf
1⤵
- Changes its process name
- Writes file to tmp directory
PID:666

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/tempvxmbqA

Filesize
20KB

MD5
0237487809f014a7fea4cf8a19e813fb

SHA1
c4d2ee159a85bd92d16f10254695e483922b394f

SHA256
e2bd3f8509b45b6e0372268b2ec6bce158223dde9079736db12052ab1e51723f

SHA512
27a454924f8d56fd6bd3a9ecf923fb0a8bf4b79a5a83f9aa3c893f4bcc78f6fa66e366aea9640b81f48a19daa462d5bbe4c1374e3a43815001a6efe0a1ded129

Download Submit