Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    21-07-2024 18:26

General

  • Target

    f90653583ae7efbf695d8ee63045b743.elf

  • Size

    43KB

  • MD5

    f90653583ae7efbf695d8ee63045b743

  • SHA1

    35b4b7bb3ebe4f4160b87dfe8e1ab4b164dcbf3e

  • SHA256

    682effde9a843d148b41ee802f86683c7b2c4310d6d2003b0dee381050e44633

  • SHA512

    aa0e86f53507201b4b44d0f5b753389cc5625a3858469c66a6dfcd1ec0a1f697ea4ac339753d743a9242379fda2f3fcf91513e533970d11cc339582660b1a9fb

  • SSDEEP

    768:piwfWG3NTE6BIQjt9wOEfrttCrzIDZwJn55kla4tIkjLUXFtWe1uocSQ:piC53tB7cByrzNjuaQIkjADc3

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f90653583ae7efbf695d8ee63045b743.elf
    /tmp/f90653583ae7efbf695d8ee63045b743.elf
    1⤵
    • Deletes itself
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:1504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1504-1-0x0000000008048000-0x000000000805b988-memory.dmp