mirai | 47561e093091d572a75257ed7021fd910d0c2046527c0b1ba3783b342f6809fa

General

Target

4762a76740b054e87fea2b4c96fb21d7.elf
Size

49KB
MD5

4762a76740b054e87fea2b4c96fb21d7
SHA1

13e446ac976f9531f3a6010d243e729c438377ff
SHA256

47561e093091d572a75257ed7021fd910d0c2046527c0b1ba3783b342f6809fa
SHA512

e93473f156482d53219b8981403a2cfd4685c5b6dddd93140d0f769322c4bef0fc49272f3f184eb271f3f5ac3c0b2c599c2006593f9dfe9c976af2b06c8dd072
SSDEEP

1536:lOE9hx1sNTAxARDB5xtFQ10kIWGoB72TzGTLIYM3nZq1ERu:lOlUKLtmNIWGo0TQMYM3nM1ERu

Score

10^/10

mirai botnet

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs

Processes:

4762a76740b054e87fea2b4c96fb21d7.elf

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a- M " 638 4762a76740b054e87fea2b4c96fb21d7.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a- M "	638	4762a76740b054e87fea2b4c96fb21d7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

4762a76740b054e87fea2b4c96fb21d7.elf

description	ioc	process
File opened for reading	/proc/19/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/646/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/652/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/655/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/666/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/696/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/16/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/216/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/12/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/638/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/590/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/709/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/711/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/743/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/748/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/761/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/102/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/152/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/80/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/637/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/664/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/669/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/674/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/692/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/15/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/23/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/723/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/714/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/715/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/665/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/673/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/688/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/691/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/703/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/707/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/21/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/41/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/751/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/702/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/710/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/591/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/687/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/28/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/112/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/281/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/302/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/659/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/734/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/2/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/13/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/732/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/733/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/739/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/649/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/699/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/676/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/17/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/24/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/283/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/641/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/672/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/720/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/1/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf
File opened for reading	/proc/6/cmdline	4762a76740b054e87fea2b4c96fb21d7.elf

/tmp/4762a76740b054e87fea2b4c96fb21d7.elf
/tmp/4762a76740b054e87fea2b4c96fb21d7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:638

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads