Overview

overview

10

Static

static

7

SecuriteIn...04.elf

debian-9-mips

10

Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240226-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    25-04-2024 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf

  • Size

    27KB

  • MD5

    6f3474f1cd0a4ffad5c1264ecf0e8a32

  • SHA1

    9fed71fc34f2d61b7e159502b96e4ac5b2e8bb30

  • SHA256

    f04972bd93af551702198a699553adfc3c66bc044d8e30b18edfe56dbaa650a6

  • SHA512

    a26d0924a05a9daed32aa3de821e624cc49532d010f2f6898ac22344d60a302cbf3210351b63bcc5533e2c84742350afae84a293c1183e2a47195fffe200e790

  • SSDEEP

    768:DbdX14mC31ecSKqEI8e+rGPRRtIDAfnlnnZ9AEzEJgGlzDpbuR1JF:DBX14mC31enKqEI/+CriYlnZ9H8VJur

Score
10/10
mirailzrdbotnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

C2

www.sushiking.world

s.sushiking.world

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 42 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
    /tmp/SecuriteInfo.com.Linux.Siggen.9999.7319.21004.elf
    1⤵
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:711

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/711-1-0x00400000-0x00456a08-memory.dmp
    Download