Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240418-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    21-07-2024 18:26

General

  • Target

    b0b0f87e748ba4842aa5020739b4007c.elf

  • Size

    48KB

  • MD5

    b0b0f87e748ba4842aa5020739b4007c

  • SHA1

    4444a298b2d2173ba904a5f98628db624f6316dd

  • SHA256

    4a1934d87decdfad56645d354bd208458619c8281f3bec5a161406811c3ed032

  • SHA512

    c36923770bc3d29f72dbddec71a61ff65c7c20d62bf380ff6d339f2fd6aead2fe19a5727234e017c0759e98d4bcb3220075104de62caebcdf20db5e497abb0ed

  • SSDEEP

    1536:CW8sypfAA6EgIPi6Li/e1N0c4nsVJuUm5sK8:CppoAPgf6OuVQUm5f8

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/b0b0f87e748ba4842aa5020739b4007c.elf
    /tmp/b0b0f87e748ba4842aa5020739b4007c.elf
    1⤵
    • Deletes itself
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:735

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/735-1-0x00400000-0x0042d9e0-memory.dmp