mirai | ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a

Analysis

max time kernel
143s
max time network
147s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
11-04-2024 21:14

Target

ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a_JaffaCakes118
Size

32KB
MD5

ca9b92978f0f9ca4b3835e7c1c059dc2
SHA1

81ba9cb366c4faa8380fa702007f9c96e802952f
SHA256

ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a
SHA512

ee5cc690c0e7ba76b156559ff347214b40ad4c46addde08b8403059e1d992e8100d06480d51cd1256ccd9a41670aad212a25973031a87d087b67de02866d6dd3
SSDEEP

768:D9lHLEnguH0GqFFIyPN8a4rDkFPMW0C4Bspeq4dns1RmWWC:hRE3TMFRN8xD+M7nspP4JsCC

Score

10^/10

Family

mirai

Botnet

MIRAI

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Changes its process name 2 IoCs

Processes:

ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a_JaffaCakes118

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	710	ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a_JaffaCakes118
Changes the process name, possibly in an attempt to hide itself	k21kaqncprnt	710	ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a_JaffaCakes118

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

/tmp/tempJrh9d6 upx
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a_JaffaCakes118

description ioc process

File opened for modification /tmp/tempJrh9d6 ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a_JaffaCakes118

resource	yara_rule
/tmp/tempJrh9d6	upx

description	ioc	process
File opened for modification	/tmp/tempJrh9d6	ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a_JaffaCakes118

/tmp/tempJrh9d6
Filesize
32KB

MD5
ca9b92978f0f9ca4b3835e7c1c059dc2

SHA1
81ba9cb366c4faa8380fa702007f9c96e802952f

SHA256
ee5ad4f256c89ac9dd9d96f384cabbe25a731835561f9741b1314d51f66a014a

SHA512
ee5cc690c0e7ba76b156559ff347214b40ad4c46addde08b8403059e1d992e8100d06480d51cd1256ccd9a41670aad212a25973031a87d087b67de02866d6dd3

Download Submit
memory/710-1-0x00400000-0x00456c78-memory.dmp

Download