Analysis

  • max time kernel
    150s
  • max time network
    3s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240226-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    12-03-2024 04:39

General

  • Target

    065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf

  • Size

    23KB

  • MD5

    f150541f0b605488f47cca50fc0ccf39

  • SHA1

    5c62ab5ab0abdd9314ff64dbf8ac65d0fb83effa

  • SHA256

    065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c

  • SHA512

    27cda69221ca4c5b061f3c16392f19c872904c560c960c4b6ee9dc442926ec75310d01920f2c45d4e1bd4a0676e325342c66063611f363b36fc19f2ae4acf325

  • SSDEEP

    384:NeD8ZSH2LLZUYyGZbsOiTrowSXH7+JWJryngV9M5Us+X/l9W+gmdLJgGlzDpH7uE:NeD8ZSWvZHZbs1rowOH7+4rzV++vlMit

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 25 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf
    /tmp/065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf
    1⤵
      PID:709

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/709-1-0x00400000-0x00451a58-memory.dmp