Analysis

  • max time kernel
    0s
  • max time network
    146s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240418-en
  • resource tags

    arch:armhf image:debian12-armhf-20240418-en kernel:6.1.0-17-armmp-lpae locale:en-us os:debian-12-armhf system
  • submitted
    15-07-2024 22:18

General

  • Target

    SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf

  • Size

    61KB

  • MD5

    6d612d79b7945ce2c26e6a43ca12b201

  • SHA1

    6bc834722dea3bf17cf6346b050eac24ace52a7c

  • SHA256

    44919525f41f820ddda6ca9544b06affe310d18850bc1cf6342f866319f742ea

  • SHA512

    b41b55a2418b7111b245bb08f0a53f45870fde68ce8acbc118c5844aa3d5712c7a406a8c50b902d897d971a33a98114548d82e54228bdd9b23c590ebf005cdb2

  • SSDEEP

    1536:v0+bsll8m/iSik7mnpgTnPJTpS1Yq1Kylkc:c+bwx9gnulpcIRc

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/SecuriteInfo.com.Linux.Siggen.9999.21233.1569.elf
    • Reads runtime system information
    PID:705

Network

MITRE ATT&CK Matrix

Downloads

  • memory/705-1-0x00008000-0x0002d424-memory.dmp