Overview

overview

10

Static

static

7

41b8e5bf80...0a.elf

debian-9-mips

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240221-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240221-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    24-02-2024 02:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41b8e5bf80bbef7fdda33e8973c43cc6dbb529a9fd3d8dffb6ede46f8be8a60a.elf

  • Size

    32KB

  • MD5

    9891e3427da372b839289a20d81bb318

  • SHA1

    859a282fb61302b2335bc4f46ec17fa89066e28c

  • SHA256

    41b8e5bf80bbef7fdda33e8973c43cc6dbb529a9fd3d8dffb6ede46f8be8a60a

  • SHA512

    f46be0a3eb5dd4a03e6ee7d952b730f8c946b2b66598d74c6c10dbf26e7988ce39c70795ef574ad68ff62e62b07c0238b94c47145a17009fd0e3088891bcfb55

  • SSDEEP

    768:1CMOseTJUbXEXC28HVW1154YDRZmKqUiJgGlzDpbuR1JH:I6MC24E1g2mKqUmVJup

Score
10/10
miraimiraibotnetevasion

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Changes its process name 1 IoCs
  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

    evasion
  • Deletes itself 1 IoCs
  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    evasion
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

Processes

  • /tmp/41b8e5bf80bbef7fdda33e8973c43cc6dbb529a9fd3d8dffb6ede46f8be8a60a.elf
    /tmp/41b8e5bf80bbef7fdda33e8973c43cc6dbb529a9fd3d8dffb6ede46f8be8a60a.elf
    1⤵
    • Changes its process name
    • Deletes itself
    • Modifies Watchdog functionality
    PID:701

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/701-1-0x00400000-0x004643d0-memory.dmp

    Download