Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    24-04-2024 14:32

General

  • Target

    d55941e5d6f8c8bf5247957509865002.elf

  • Size

    50KB

  • MD5

    d55941e5d6f8c8bf5247957509865002

  • SHA1

    1384ccf60c0a75a4344172698ce6f28ab2aefd23

  • SHA256

    7af4fe14d2e50e6bff038f368442f60b66ed7a4b0b0df7a7327e2c806084622d

  • SHA512

    c60d8213e65d1d01120d99e5a5fa758b92861f211f70095b59440b32b0c38233664ef614d23934932eb53d2a14ea9f1c04334fcb0fd96b9fdf1fea36c707776c

  • SSDEEP

    1536:uCoqsGR4eB3g0Vmh1IxIpC8JeL9VE8amFZP7R3J:Xoqs2Twh6P8JeLJ9ZP7R3J

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/d55941e5d6f8c8bf5247957509865002.elf
    /tmp/d55941e5d6f8c8bf5247957509865002.elf
    1⤵
    • Reads runtime system information
    PID:658

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/658-1-0x00008000-0x00029730-memory.dmp