mirai | 50195c468eeb272b86850feb6654afb3ce5677bdddb0b192999706847941d13f

Analysis

max time kernel
29s
max time network
35s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240418-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240418-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
06-05-2024 15:36

Target

86.ducky
Size

45KB
MD5

eebc28feaf0acacc2b3c572017e5bc62
SHA1

8d89598387ded2028dbecc1b8d2c900d70c8a2f6
SHA256

50195c468eeb272b86850feb6654afb3ce5677bdddb0b192999706847941d13f
SHA512

7641a7c518b4f99347900ecb2bf2553a5fa3a4d4784854c71fce24ae995481b43659971299b00ed3be6447b225c62b72cff56803556f21dfe64b14018f700fa8
SSDEEP

768:H+OcV9sObDwcSOx7m5/8reEuUGLVMK3TojbAnBU1B5FBo84MdRIl:HvcVWOf3Sga2juUGLVNj3nBU1/FBwoR

Score

10^/10

mirai mirai botnet

Family

mirai

Botnet

MIRAI

pipipopodox.strangled.net

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Changes its process name 1 IoCs

Processes:

86.ducky

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a 1468 86.ducky
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

86.ducky

description ioc process

File opened for modification /tmp/temp7W2SV3 86.ducky

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	1468	86.ducky

description	ioc	process
File opened for modification	/tmp/temp7W2SV3	86.ducky

/tmp/temp7W2SV3
Filesize
45KB

MD5
eebc28feaf0acacc2b3c572017e5bc62

SHA1
8d89598387ded2028dbecc1b8d2c900d70c8a2f6

SHA256
50195c468eeb272b86850feb6654afb3ce5677bdddb0b192999706847941d13f

SHA512
7641a7c518b4f99347900ecb2bf2553a5fa3a4d4784854c71fce24ae995481b43659971299b00ed3be6447b225c62b72cff56803556f21dfe64b14018f700fa8

Download Submit