mirai | 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61 | Triage

Analysis

max time kernel
149s
max time network
138s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
01-05-2024 19:12

Sharing

Report Analysis Logs

General

Target

8a1d5e59d69410415f89993ade70c0d2.elf
Size

29KB
MD5

8a1d5e59d69410415f89993ade70c0d2
SHA1

5ae1fea1f50ebc84f38b9ccebf71c8e04d5aadc5
SHA256

230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61
SHA512

8e486e4be37dfe14fc22bfd195a8d5323004872084a5e74dab9d7dd253d316f5fc3056271c0a7e37d5b779eb5ecb546e51332ef52f747798646078ebefea02e8
SSDEEP

768:dS5i5//Bh9ygHLWCtKLB02232NRTmLAhz3VahD0N:dkopGLePm5hrcA

Score

10^/10

mirai mirai botnet upx

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

/tmp/tempoIlNAk upx

Changes its process name 2 IoCs

Processes:

8a1d5e59d69410415f89993ade70c0d2.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	1467	8a1d5e59d69410415f89993ade70c0d2.elf
Changes the process name, possibly in an attempt to hide itself	1467	8a1d5e59d69410415f89993ade70c0d2.elf

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

8a1d5e59d69410415f89993ade70c0d2.elf

description ioc process

File opened for modification /tmp/tempoIlNAk 8a1d5e59d69410415f89993ade70c0d2.elf

/tmp/8a1d5e59d69410415f89993ade70c0d2.elf
/tmp/8a1d5e59d69410415f89993ade70c0d2.elf
1⤵
- Changes its process name
- Writes file to tmp directory
PID:1467

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/tempoIlNAk
Filesize
29KB

MD5
8a1d5e59d69410415f89993ade70c0d2

SHA1
5ae1fea1f50ebc84f38b9ccebf71c8e04d5aadc5

SHA256
230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61

SHA512
8e486e4be37dfe14fc22bfd195a8d5323004872084a5e74dab9d7dd253d316f5fc3056271c0a7e37d5b779eb5ecb546e51332ef52f747798646078ebefea02e8

Download Submit
memory/1467-1-0x0000000008048000-0x0000000008057d08-memory.dmp

Download