mirai | 5c7b185f5467b231fab0c62172e1b3426e8b6cb8537d0a2e97321cc7e40b1933 | Triage

Analysis

max time kernel
0s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
16-03-2024 19:59

Sharing

Report Analysis Logs

General

Target

ceefc78ed66a9ae98f2654826fd7886f
Size

27KB
MD5

ceefc78ed66a9ae98f2654826fd7886f
SHA1

b6f24ccd20f8514f9d381d3d9d855d4f07626c5a
SHA256

5c7b185f5467b231fab0c62172e1b3426e8b6cb8537d0a2e97321cc7e40b1933
SHA512

353754b3d6a0647cca51277bbd2efc5dbe6dd12a4c5c63b52a41b47e3a27cde674302090a003b61ddb52707cb4328432df8136030f8250a54b980d3a1431da5d
SSDEEP

768:yumwu+8O74b3A8alqvYfb5whU2IaNRYJnVs3Uozo:bmwqHb3zal+YuhXIouYzo

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

ceefc78ed66a9ae98f2654826fd7886f

description ioc process

File opened for reading /proc/self/exe ceefc78ed66a9ae98f2654826fd7886f

/tmp/ceefc78ed66a9ae98f2654826fd7886f
/tmp/ceefc78ed66a9ae98f2654826fd7886f
1⤵
- Reads runtime system information
PID:643

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/643-1-0x00008000-0x00021d18-memory.dmp

Download