Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231221-en
  • resource tags

    arch:armhf image:debian9-armhf-20231221-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    20-02-2024 06:00

General

  • Target

    c80f9ba283fcb85d6faaf5443e92a80dd5105344ca2eb1f268bf5444d853e750.elf

  • Size

    51KB

  • MD5

    1bfc325dc86b7af8f117707d1902b4a7

  • SHA1

    e18593de88bf3ef0ed7cc605087df2022fed1301

  • SHA256

    c80f9ba283fcb85d6faaf5443e92a80dd5105344ca2eb1f268bf5444d853e750

  • SHA512

    da1c88904829e82a16109f64e8e2718241a178924777932e43c7b00af68991d58ef9ae1eeb3eec1935bff951276c4063a6353fba8e26e1f132bc74639aca625b

  • SSDEEP

    1536:d9O/ZMAXIxNUk0yNwLLcPqF1aBexo4opKZb8:d9O/ZNKybLLGqFUFV

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/c80f9ba283fcb85d6faaf5443e92a80dd5105344ca2eb1f268bf5444d853e750.elf
    • Reads runtime system information
    PID:668

Network

MITRE ATT&CK Matrix

Downloads

  • memory/668-1-0x00008000-0x00029794-memory.dmp