mirai | a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01

Analysis

max time kernel
151s
max time network
153s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
19-09-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
Size

44KB
MD5

1ad35be6a82d64f89d9dc253cd00732d
SHA1

ec27b140c4e0a99fe2541df124a570972821b627
SHA256

a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01
SHA512

a51129151f78f8b81e5e82a82ee28651e13ff1daeab3ee6401e899b06c1811c37396a684a2d82db2dc22c9c6f4d78569396399361f6b36f8bdf60a61fb40871e
SSDEEP

768:qD/owcXQko+k5mmjRjhk/YQZYn2n4ambRiYPTGVK7bPUZ8dS+9Wj9:qD/dko+Ymmj1hKG2O0e/Psp+k9

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Deletes itself 1 IoCs

pid	Process
742	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for modification	/dev/misc/watchdog	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	cvoviuni8ep68rtg	742	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/353cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/42cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/47cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/785cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/791cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/798cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/35cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/776cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/262cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/747cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/775cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/11cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/115cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/33cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/119cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/53cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/748cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/749cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/7cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/26cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/786cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/116cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/767cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/44cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/138cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/382cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/743cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/771cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/799cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/18cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/22cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/801cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/17cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/759cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/27cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/699cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/732cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/784cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/10cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/13cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/795cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/32cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/359cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/711cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/8cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/25cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/753cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/806cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/781cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/37cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/774cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/20cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/21cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/679cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/750cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/752cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/764cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/1cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/9cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/805cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/19cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/58cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/762cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/777cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

/tmp/a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
/tmp/a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information
PID:742

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads