Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf image:debian9-armhf-20240226-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    24-04-2024 01:57

General

  • Target

    d9c3ed154dc79185346df7aef55c6fffba8875de6fe2cad8accef6d0d68db64f.elf

  • Size

    50KB

  • MD5

    efb4bfe25dfb11e461038a6ad21954ad

  • SHA1

    c5ddefd0d2ab25b73f2a223cd0b84fc1e0190e85

  • SHA256

    d9c3ed154dc79185346df7aef55c6fffba8875de6fe2cad8accef6d0d68db64f

  • SHA512

    08661f72fe102a8f2933c9368012f99dea766dfb12a9a7db861ae41e25266c8b3f4be9752531033c8d93088bd5976594fe6059c2149dafda53e005afaa1db9ae

  • SSDEEP

    1536:3CoqsGR4eB3g0Vmh1IxIpC8JaL9VE8amFZP7R3i:Soqs2Twh6P8JaLJ9ZP7R3i

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/d9c3ed154dc79185346df7aef55c6fffba8875de6fe2cad8accef6d0d68db64f.elf
    /tmp/d9c3ed154dc79185346df7aef55c6fffba8875de6fe2cad8accef6d0d68db64f.elf
    • Reads runtime system information
    PID:656

Network

MITRE ATT&CK Matrix

Downloads

  • memory/656-1-0x00008000-0x00029730-memory.dmp