Analysis

  • max time kernel
    154s
  • max time network
    166s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
  • submitted
    22-07-2024 00:06

General

  • Target

    d308611c459eb18bd3d7391f76beba1d.elf

  • Size

    36KB

  • MD5

    d308611c459eb18bd3d7391f76beba1d

  • SHA1

    66d1002b6fa5dabdf817e35a22a3ae9765e2cce4

  • SHA256

    9a01f605497a1a40e7afbd45817f0766cbe4f933003336c5da3b44d9e36a8025

  • SHA512

    2e5168675892c8cdd35a57fae8d1913331446dd65ab8c07d08c5af22747f704f0593e5dd697420f0900f955cefd5be439d465c6a24c991a0137de77131a551df

  • SSDEEP

    768:Bcic7wjLhjwmdpL2DUu0tqa/Q3czyKjdTJ3vbcBroEKDPNWG:WqVLgUATc7dlYFoEKV

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/d308611c459eb18bd3d7391f76beba1d.elf
    /tmp/d308611c459eb18bd3d7391f76beba1d.elf
    1⤵
    • Deletes itself
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/740-1-0x00400000-0x00458ce0-memory.dmp