Analysis
max time kernel: 149s
max time network: 138s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240221-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 01-05-2024 19:12
General
Target: 8a1d5e59d69410415f89993ade70c0d2.elf
Size: 29KB
MD5: 8a1d5e59d69410415f89993ade70c0d2
SHA1: 5ae1fea1f50ebc84f38b9ccebf71c8e04d5aadc5
SHA256: 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61
SHA512: 8e486e4be37dfe14fc22bfd195a8d5323004872084a5e74dab9d7dd253d316f5fc3056271c0a7e37d5b779eb5ecb546e51332ef52f747798646078ebefea02e8
SSDEEP: 768:dS5i5//Bh9ygHLWCtKLB02232NRTmLAhz3VahD0N:dkopGLePm5hrcA
Malware Config
Extracted family: mirai (MIRAI)
Signatures

YARA rule match
  resource         yara_rule
  /tmp/tempoIlNAk  upx

Changes its process name 2 IoCs
  Processes:
  description                                                      ioc  pid   process
  Changes the process name, possibly in an attempt to hide itself  a    1467  8a1d5e59d69410415f89993ade70c0d2.elf
  Changes the process name, possibly in an attempt to hide itself       1467  8a1d5e59d69410415f89993ade70c0d2.elf

Writes file to tmp directory 1 IoC
  Malware often drops required files in the /tmp directory.
  Processes:
  description                   ioc              process
  File opened for modification  /tmp/tempoIlNAk  8a1d5e59d69410415f89993ade70c0d2.elf
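The three signatures above (UPX packer match, process rename, self-copy into /tmp) can be reproduced outside the sandbox. The Python below is an added example, not code from the sandbox or from this report, and not Mirai's own code: a static check that reads the ELF identification bytes and looks for the "UPX!" magic that public `upx` YARA rules key on, the four digests the report lists so a dropped file can be matched against the submitted sample, and a host-side check over /proc records that flags processes whose comm does not match their executable or that run from a scratch directory. The ELF bytes and the process table are constructed for the demo; pid 1467 and the path /tmp/tempoIlNAk follow the report, the one-letter process name is an assumption.

```python
"""Added example (not code from the sandbox or from this report): the checks
behind the signatures above. Assumptions: Linux /proc layout and the "UPX!"
marker; the sample bytes and the process table are constructed for the demo."""
import os
import struct
from hashlib import md5, sha1, sha256, sha512

# ELF e_machine constants for the architectures Mirai is commonly built for.
EM_NAMES = {2: "SPARC", 3: "x86", 4: "m68k", 8: "MIPS", 20: "PowerPC",
            40: "ARM", 42: "SuperH", 62: "x86-64", 183: "AArch64"}
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def elf_summary(data: bytes) -> dict:
    """Static check: ELF class, endianness-aware e_machine, and the "UPX!"
    magic UPX writes into its loader block and trailing pack header. Some
    Mirai builds patch that magic out, so no marker does not mean unpacked."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return {"is_elf": False}
    bits = {1: 32, 2: 64}.get(data[4])        # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])    # EI_DATA
    if bits is None or endian is None:
        return {"is_elf": False}
    e_machine = struct.unpack(endian + "H", data[18:20])[0]
    return {"is_elf": True, "bits": bits,
            "machine": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
            "upx_marker": b"UPX!" in data}


def file_hashes(data: bytes) -> dict:
    """The four digests the report lists, so a dropped file can be matched
    against the submitted sample (identical digests mean a plain self-copy)."""
    return {"md5": md5(data).hexdigest(), "sha1": sha1(data).hexdigest(),
            "sha256": sha256(data).hexdigest(), "sha512": sha512(data).hexdigest()}


def _comm_matches(comm: str, exe: str) -> bool:
    """/proc/<pid>/comm holds at most 15 characters (TASK_COMM_LEN - 1), so
    compare with the truncated basename; an unlinked executable reads as
    "/path (deleted)" and must be stripped first."""
    base = os.path.basename(exe.replace(" (deleted)", ""))
    return comm == base[:15]


def flag_processes(records: list) -> list:
    """Host-side check over {"pid", "comm", "exe"} records. Reasons:
    renamed     comm differs from the executable name (the leaked Mirai source
                does this with prctl(PR_SET_NAME) and an overwritten argv[0];
                some legitimate daemons set their own comm, so it is a lead);
    scratch-dir executable lives under /tmp, /var/tmp or /dev/shm;
    deleted     executable was unlinked after it started."""
    flagged = []
    for r in records:
        path = r["exe"].replace(" (deleted)", "")
        reasons = []
        if not _comm_matches(r["comm"], r["exe"]):
            reasons.append("renamed")
        if path.startswith(SCRATCH_DIRS):
            reasons.append("scratch-dir")
        if r["exe"].endswith(" (deleted)"):
            reasons.append("deleted")
        if reasons:
            flagged.append({**r, "reasons": reasons})
    return flagged


def read_proc() -> list:
    """Live records from /proc (Linux). Kernel threads have no exe link and
    unreadable entries are skipped, so run as root for full coverage."""
    out = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().rstrip("\n")
        except OSError:
            continue
        out.append({"pid": int(pid), "comm": comm, "exe": exe})
    return out


# Constructed input: a minimal 32-bit little-endian x86 ELF header (ET_EXEC,
# EM_386) followed by the UPX marker, standing in for the packed sample.
DEMO_ELF = (b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
            + struct.pack("<HH", 2, 3) + b"\x00" * 32 + b"UPX!" + b"\x00" * 64)

# Constructed process table: pid 1467 mirrors the report (runs from /tmp,
# one-letter comm is an assumption); the others are benign controls, one with
# a 16-character name to show comm truncation does not raise a false "renamed".
DEMO_PROCS = [
    {"pid": 1, "comm": "systemd", "exe": "/usr/lib/systemd/systemd"},
    {"pid": 812, "comm": "sshd", "exe": "/usr/sbin/sshd"},
    {"pid": 930, "comm": "systemd-resolve", "exe": "/usr/lib/systemd/systemd-resolved"},
    {"pid": 1467, "comm": "a", "exe": "/tmp/tempoIlNAk (deleted)"},
]

if __name__ == "__main__":
    print(elf_summary(DEMO_ELF), file_hashes(DEMO_ELF)["sha256"])
    for p in flag_processes(DEMO_PROCS):
        print(p["pid"], p["comm"], p["exe"], p["reasons"])
```

Run `flag_processes(read_proc())` on a live Linux host for the dynamic check. Two caveats: the UPX marker check is a string search, so a sample whose packer header has been tampered with (a common Mirai trick to defeat `upx -d`) will not show the marker even though it is packed, and a comm mismatch on its own is a lead rather than a verdict, because some legitimate daemons rename themselves the same way.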
Downloads

/tmp/tempoIlNAk
Filesize: 29KB
MD5: 8a1d5e59d69410415f89993ade70c0d2
SHA1: 5ae1fea1f50ebc84f38b9ccebf71c8e04d5aadc5
SHA256: 230be34e2becbb91230e45246f4775407e1ae28dede350c4759dfa9e6ba89f61
SHA512: 8e486e4be37dfe14fc22bfd195a8d5323004872084a5e74dab9d7dd253d316f5fc3056271c0a7e37d5b779eb5ecb546e51332ef52f747798646078ebefea02e8
All four digests match the submitted target, so the file written to /tmp is a byte-identical copy of the sample rather than an unpacked or second-stage payload.

memory/1467-1-0x0000000008048000-0x0000000008057d08-memory.dmp
Memory dump of pid 1467 covering 0x08048000-0x08057d08; 0x08048000 is the conventional load base of a non-PIE 32-bit x86 ELF, consistent with the arch:i386 tag on the analysis image.