Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf
    image:debian12-armhf-20240221-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    21-07-2024 18:26

General

  • Target

    91449c2830e32f60d5b4a1c4aaece84d.elf

  • Size

    57KB

  • MD5

    91449c2830e32f60d5b4a1c4aaece84d

  • SHA1

    3b6c75c183ce8c369b6a578b3ab60c1474dce6cc

  • SHA256

    82cac44937ab2d7c20d46e53b87a73594824457443a1946083df6cca33e324cf

  • SHA512

    c63403eb6e2b9973fd28bc0773f72c110eb733e13ae64985e609c142c73bbc1b0f5155707688de1ecf1dfa602f829b78bfd819b53cc6af859f478c5e78445c94

  • SSDEEP

    1536:jccRgToILobaTyTYH0gg67EevuG9o5Pn7SfLXfFt+E:jLRgT6bqyT767EeWGGhn7SfLXV

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/91449c2830e32f60d5b4a1c4aaece84d.elf
    /tmp/91449c2830e32f60d5b4a1c4aaece84d.elf
    • Deletes itself
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:709

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/709-1-0x00008000-0x000297a4-memory.dmp