Analysis
-
max time kernel
150s -
max time network
152s -
platform
debian-9_armhf -
resource
debian9-armhf-20231221-en -
resource tags
arch:armhfimage:debian9-armhf-20231221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
12-02-2024 18:41
General
-
Target
arm7
-
Size
58KB
-
MD5
60b10da752b888d644e650933a3379f2
-
SHA1
3ed6c0b972869da6273757f3f1c94d8d351d11dc
-
SHA256
4e2c5513cf1c4a3c12c6e108d0120d57355b3411c30d59dfb0d263ad932b6868
-
SHA512
002a6e7f6c4d909056cc51e227fcc8c776ccad9d1e600513a83ce4876cd035bb12f129ca3a1a48d21d76bd654058c19af55fe3d3a66186786779dc8bf4df8e4b
-
SSDEEP
1536:vPsS3RDMckLByMgLGohIovgh5/CLNh4Mt/hr25eg2:vPsSBDMcnxzQh5qLNhH3K5S
Malware Config
Extracted
Family
mirai
Botnet
MIRAI
Signatures
-
Contacts a large (73694) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
Processes:
arm7description ioc pid process Changes the process name, possibly in an attempt to hide itself svfvtlhajlh48ge21isdkhs8 665 arm7 -
Deletes itself 1 IoCs
Processes:
arm7pid process 665 arm7 -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
Processes:
arm7description ioc process File opened for modification /dev/misc/watchdog arm7 File opened for modification /dev/watchdog arm7 -
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes:
arm7description ioc process File opened for reading /proc/self/exe arm7