Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    04-04-2024 17:01

General

  • Target

    e460144b8e4f7b3c8f215278565bf478.elf

  • Size

    24KB

  • MD5

    e460144b8e4f7b3c8f215278565bf478

  • SHA1

    244a3037d3e04fea2012855868b91a2196d293b0

  • SHA256

    35e500918fff28f07e3c0740f734fcf37b6c33c011c21c9803053fb127987ac6

  • SHA512

    6a886a0819d7679d5b3fb038a86c17b2f57751fd0d7c4cb4cd5d9c5c23ab8e0f87f771ca41a460cd08e76ffbdb8e2ced5f8f19843a8cf12468b6fc98964c6bff

  • SSDEEP

    384:z38IW6VpRfffL4yNpWjbN/Kv6cCGuTzM0dtTYT+eFIbTxTanq/hymdGUop5hkO:z38IBRT4KwxuuGqM0gP8AOs3Uozf

Score
10/10

Malware Config

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large number (35320) of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/e460144b8e4f7b3c8f215278565bf478.elf
    • Changes its process name
    • Reads runtime system information
    PID: 665

Network

MITRE ATT&CK Enterprise v15
