mirai | af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30/09/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
Size

55KB
MD5

2b91bc7cc03c84a280b8843895517347
SHA1

bd1319da4d05df45108741c46f21592e3037c3fb
SHA256

af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569
SHA512

f897a5343a45b250cf9695aa2c8b100c52948c7f7e1c0bc5bd554734125726fe35e6aa746317555597e51c831d6e22efc26a773668a8a99cc74cb3ad011d6872
SSDEEP

1536:9uIa2oSoGWKk2R1McItWyLWeg2Vxv7INRvSeQt:9DGpARS8yLW457INRKeQt

Score

10^/10

mirai lzrd botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/768/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/612/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/678/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/700/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/739/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/754/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/760/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/710/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/733/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/19/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/276/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/594/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/614/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/679/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/699/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/792/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/4/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/711/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/723/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/786/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/788/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/156/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/289/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/789/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/750/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/3/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/356/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/686/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/689/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/708/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/716/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/777/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/783/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/42/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/141/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/659/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/688/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/721/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/771/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/665/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/718/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/774/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/12/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/43/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/306/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/691/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/704/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/794/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/307/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/658/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/681/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/702/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/715/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/747/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/781/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/24/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/110/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/316/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/668/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/687/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/703/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/790/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/11/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
File opened for reading	/proc/18/cmdline	af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf

/tmp/af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
/tmp/af93477fc4a4564f2f3a90855089f74c6caf02b79ae17b276360ebdbf1929569.elf
1⤵
- Reads runtime system information
PID:661

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads