Analysis
max time kernel: 143s
max time network: 148s
platform: debian-9_mips
resource: debian9-mipsbe-20240418-en
resource tags: arch:mips, image:debian9-mipsbe-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 02/08/2024, 11:47
General
Target: SecuriteInfo.com.Linux.Mirai.2001.23493.18501.elf
Size: 47KB
MD5: 73391dc202338ebf0e9d3bf2760c6a82
SHA1: 01e53777fbd695e82c446640b841eda12b6fafd8
SHA256: c133c7f3ba300cb086e53ce2d89c6ce63d4b22ec93923c74b541e82a1eccdb17
SHA512: f88b0644e84a67e9ef2145289e4727150ae75f6f5e1c0ec738065150cbb53d8103849707f6b3853c643f0842c4ada60e0653c0c1f35abcc9185f542cf7e1343c
SSDEEP: 768:g0exntmOfH6XSSg4oNDJsEmrcytB78cDhAEW1gThuVdEE08ausQJgGlzDpUYstU:g0eH77Sg4olJY/tBrhAEW1chuVdd0Mss
Malware Config
Signatures
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | SecuriteInfo.com.Linux.Mirai.2001.23493.18501.elf
File opened for modification | /dev/misc/watchdog | SecuriteInfo.com.Linux.Mirai.2001.23493.18501.elf
Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /var/www/html | 725 | SecuriteInfo.com.Linux.Mirai.2001.23493.18501.elf
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/self/exe | SecuriteInfo.com.Linux.Mirai.2001.23493.18501.elf