mirai | a3e816d540b5f21564138f332f70ea4f725d70ccdbfb52e395a4ab3bc9e02bf4 | Triage

Analysis

max time kernel
0s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
17-03-2024 09:58

Sharing

Report Analysis Logs

General

Target

f23beb02a9ef5f69d3a92974eb3130c2.elf
Size

51KB
MD5

f23beb02a9ef5f69d3a92974eb3130c2
SHA1

812bace7b164f4ef31040e463e9eb070a17be6ed
SHA256

a3e816d540b5f21564138f332f70ea4f725d70ccdbfb52e395a4ab3bc9e02bf4
SHA512

3a7e373d11ead69d2f4a8559a5e1b7b9b2292e888dfa6df588f895e01ef10456e2dd4e12b4c672c009ca3d9a03c082c4017c69593559976648cc213036a921e3
SSDEEP

1536:69O/ZMAXIxNUk0ALcPqF1aBexo4opKZbc:69O/ZNKycLGqFUF9

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

f23beb02a9ef5f69d3a92974eb3130c2.elf

description ioc process

File opened for reading /proc/self/exe f23beb02a9ef5f69d3a92974eb3130c2.elf

/tmp/f23beb02a9ef5f69d3a92974eb3130c2.elf
/tmp/f23beb02a9ef5f69d3a92974eb3130c2.elf
1⤵
- Reads runtime system information
PID:659

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/659-1-0x00008000-0x00029794-memory.dmp

Download