Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf image:debian9-armhf-20240226-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    17-03-2024 09:58

General

  • Target

    f23beb02a9ef5f69d3a92974eb3130c2.elf

  • Size

    51KB

  • MD5

    f23beb02a9ef5f69d3a92974eb3130c2

  • SHA1

    812bace7b164f4ef31040e463e9eb070a17be6ed

  • SHA256

    a3e816d540b5f21564138f332f70ea4f725d70ccdbfb52e395a4ab3bc9e02bf4

  • SHA512

    3a7e373d11ead69d2f4a8559a5e1b7b9b2292e888dfa6df588f895e01ef10456e2dd4e12b4c672c009ca3d9a03c082c4017c69593559976648cc213036a921e3

  • SSDEEP

    1536:69O/ZMAXIxNUk0ALcPqF1aBexo4opKZbc:69O/ZNKycLGqFUF9

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f23beb02a9ef5f69d3a92974eb3130c2.elf
    • Reads runtime system information
    PID:659

Network

MITRE ATT&CK Matrix

Downloads

  • memory/659-1-0x00008000-0x00029794-memory.dmp