Analysis
-
max time kernel
148s -
max time network
151s -
platform
debian-12_armhf -
resource
debian12-armhf-20240729-en -
resource tags
-
submitted
09-10-2024 02:21
General
-
Target
c792ce87ba1b0dc37cf3d2d2b4ad3433395ae93e0f1ae9c1140d097d093c1457.elf
-
Size
61KB
-
MD5
7ff7cdd806adaea6085384f85a736106
-
SHA1
07f7ee2a8c37722956faa1fe024b57b63732f808
-
SHA256
c792ce87ba1b0dc37cf3d2d2b4ad3433395ae93e0f1ae9c1140d097d093c1457
-
SHA512
53f9a53947254532b93f13241f3edef41f8d9b5fa76bd01a18eeb458d3c3ca1cdc93265aaaf638eaeb02d2f52685035fa3b4a60c1555d48f55d1f6493ce43e1d
-
SSDEEP
768:p5lDNDz4z9We1VkLfHRzdGUelY4encoEWhowytRUE0OUkFtHyxEbuUGRrJeI7ySM:pNDzcj1VCRMde/NGdPBbqMLRAKJUGua
Score
10/10
Malware Config
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Deletes itself 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Traces itself 1 IoCs
Traces itself to prevent debugging attempts
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
-
Changes its process name 1 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/c792ce87ba1b0dc37cf3d2d2b4ad3433395ae93e0f1ae9c1140d097d093c1457.elf/tmp/c792ce87ba1b0dc37cf3d2d2b4ad3433395ae93e0f1ae9c1140d097d093c1457.elf1⤵
- Deletes itself
- Modifies Watchdog functionality
- Traces itself
- Writes file to system bin folder
- Changes its process name
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ps -A -o pid,cmd --no-headers"2⤵
-
/usr/bin/psps -A -o "pid,cmd" --no-headers3⤵
- Reads runtime system information
-
-