Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf image:debian9-armhf-20240226-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    23-04-2024 11:29

General

  • Target

    c309fccf2778c6d64295cd44d12c52ee.elf

  • Size

    31KB

  • MD5

    c309fccf2778c6d64295cd44d12c52ee

  • SHA1

    00f8f0dcab5ffc000966f4ea77a911b46b4511e0

  • SHA256

    b2c031423dd776d0123a68ffa795f8b1a132c499f1a2388a62e306723cafd33f

  • SHA512

    b50406837d8308c0745a67b377a39491a43dbf2d76d4d232b984deed4593bb75a2d919f53777ef49655ea8a7889338679cdbca0c22e45f26fc489c911b71baed

  • SSDEEP

    768:YEKkUgXAnURCr6HmDFStmYtl4c9q3UELdo:gkEn7uHEemE4lL+

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/c309fccf2778c6d64295cd44d12c52ee.elf
    • Reads runtime system information
    PID:659

Network

MITRE ATT&CK Matrix

Downloads

  • memory/659-1-0x00008000-0x0002da94-memory.dmp