mirai | 282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9

Analysis

max time kernel
143s
max time network
148s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240729-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
21/09/2024, 01:15

Target

282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9.elf
Size

52KB
MD5

b185b15614515fcbcd6caec13efb3e14
SHA1

f524f7492f995f462a38b14d2d0b8f6bb9089344
SHA256

282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9
SHA512

9ade8186e8328935d32f2c947fade17d5b6b45dc8020d760f14ebdb62f2ed89e383e56b28006cb01ac7554e516d3e1888429588a6aba52203b1562a925b17a51
SSDEEP

1536:lO/z5JrBCOATa9AxkDh1kQ2UQAc9RmdxOBu4yt+ygFuGT:lo5qTXq/kQeT4YjuGT

Score

10^/10

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	1386	282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9.elf

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/=vwd=esfqzv}u	282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9.elf
File opened for modification	/tmp/=vwd={aq=esfqzv}u	282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9.elf
File opened for modification	/tmp/=vwd=TFEVF#"#Mesfqzv}u	282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9.elf
File opened for modification	/tmp/=vwd=TFEVF#"#N2esfqzv}u!	282e83f41672453454d791746f164c6c6fb499400e388c1a217c831b15aed9c9.elf