Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    04-08-2024 01:20

General

  • Target

    531387eb126a3f8e023b71c622fc181b9580e1b4937d8c64f6ac439874e0610d.elf

  • Size

    32KB

  • MD5

    cd170d8f1e771545d028c4a047408f41

  • SHA1

    3d674f32addef314d2ac10da1f26f13276138a21

  • SHA256

    531387eb126a3f8e023b71c622fc181b9580e1b4937d8c64f6ac439874e0610d

  • SHA512

    31e68d7c2262f564f0f3e690d6237ff29765d708c39944abbf0385b0cc155dfa073973b90a5b91ad8a0cc23767e5ca7f3d2a53c6312de73822e1a542a29bd01e

  • SSDEEP

    768:zljOHlOTcLs7Z8FviuyIENCHBhroJ4qDkGZ1vPtXE9q3UEL52:zAFOqquyqBhEiQLFXtLU

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/531387eb126a3f8e023b71c622fc181b9580e1b4937d8c64f6ac439874e0610d.elf
    • Reads runtime system information
    PID:633

Network

MITRE ATT&CK Matrix

Downloads

  • memory/633-1-0x00008000-0x0002db14-memory.dmp