mirai | c53348d996077ac0dc15affe0b0c521d9a9c8430fca283629cbc782fe7a78ddf

Analysis

max time kernel
151s
max time network
153s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
19/03/2024, 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

863c0fcacb7aa149c296369d16af14e7.elf
Size

19KB
MD5

863c0fcacb7aa149c296369d16af14e7
SHA1

48d7ee2c8ea801832d7f37bc5445d728dbfd75f9
SHA256

c53348d996077ac0dc15affe0b0c521d9a9c8430fca283629cbc782fe7a78ddf
SHA512

bdb4f982bb020df07322ec88fcdaf9743c6e54e0a567c0ac5676aa6d93caf2feff2b6e0fc2418d55762d543cfddb9b7586e48df030967ab49221a92957040f71
SSDEEP

384:Fvn4H2VFCg0cBW6phrhlPvueBjyxNjwbMtUx9lBZ5XBGYToYwWjRWGVCz0Nv6a:FAWVFCg7W6l3rgjwn9d5RGYToYxtWI

Score

10^/10

mirai botnet

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	38LJ418A	728	863c0fcacb7aa149c296369d16af14e7.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Reads runtime system information 16 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/717/exe
File opened for reading	/proc/783/exe
File opened for reading	/proc/671/exe
File opened for reading	/proc/672/exe
File opened for reading	/proc/682/exe
File opened for reading	/proc/692/exe
File opened for reading	/proc/694/exe
File opened for reading	/proc/712/exe
File opened for reading	/proc/718/exe
File opened for reading	/proc/719/exe
File opened for reading	/proc/730/exe
File opened for reading	/proc/715/exe
File opened for reading	/proc/418/exe
File opened for reading	/proc/420/exe
File opened for reading	/proc/435/exe
File opened for reading	/proc/738/exe

/tmp/863c0fcacb7aa149c296369d16af14e7.elf
/tmp/863c0fcacb7aa149c296369d16af14e7.elf
1⤵
- Changes its process name
PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads