mirai | d5b0210a381652123b5e573483246fba02ca0e4a7a3e5dc65a7d3559be158153 | Triage

Analysis

max time kernel
0s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
09-04-2024 13:44

Sharing

Report Analysis Logs

General

Target

33a8e76a76fd3d1e4832c487b3d29668.elf
Size

26KB
MD5

33a8e76a76fd3d1e4832c487b3d29668
SHA1

77ef74395084d983c7ec716df29f91f6b96d6346
SHA256

d5b0210a381652123b5e573483246fba02ca0e4a7a3e5dc65a7d3559be158153
SHA512

6cb8760fbcd76316bbb32c128f50cbf85a06e7b9ae8914f61737ece3d18741f7fc7f21b55984c12074235ce8fd1ece52fbdb01821cb1892d52774f1a9881ce05
SSDEEP

768:E1qDK6vmLcPO7mxn5y3N0Ae7Jg3/qrs3UozH:1JFxry+AOECWzH

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

33a8e76a76fd3d1e4832c487b3d29668.elf

description ioc process

File opened for reading /proc/self/exe 33a8e76a76fd3d1e4832c487b3d29668.elf

/tmp/33a8e76a76fd3d1e4832c487b3d29668.elf
/tmp/33a8e76a76fd3d1e4832c487b3d29668.elf
1⤵
- Reads runtime system information
PID:657

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/657-1-0x00008000-0x00021578-memory.dmp

Download