Analysis

  • max time kernel
    132s
  • max time network
    151s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags
    arch:amd64
    arch:i386
    image:ubuntu2204-amd64-20240611-en
    kernel:5.15.0-105-generic
    locale:en-us
    os:ubuntu-22.04-amd64
    system
  • submitted
    13/10/2024, 01:59

General

  • Target

    fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf

  • Size

    34KB

  • MD5

    3ae258f1c4855a11e0a21e8d63dcf69f

  • SHA1

    7c1bec498bbd9948782b1fe1752fab73f51eea81

  • SHA256

    fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11

  • SHA512

    5f9e9f6471115b6260a6a75ab694ec3eca53b40537c5653d4eb63593648e416601e868742f4c49266adf518189f7db2333d3b5f78f0d81fc81b150f4d989cfda

  • SSDEEP

    768:TdSc/lBMfEnujNo0JqMA3NWBp3MW2k0NrBMqEI/WZ6n/:TvlBMfnZo0JDAdWB6W2bNrBMpI/WQ/

Malware Config

Extracted

  • Family
    mirai
  • C2
    bot.merisprivate.net

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (3074) amount of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder (2 IoCs)
  • Changes its process name (1 IoC)

Processes

  • /tmp/fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf
    /tmp/fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11.elf
    PID: 1586
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
