mirai | a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01

Analysis

max time kernel
154s
max time network
165s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
18-10-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
Size

44KB
MD5

1ad35be6a82d64f89d9dc253cd00732d
SHA1

ec27b140c4e0a99fe2541df124a570972821b627
SHA256

a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01
SHA512

a51129151f78f8b81e5e82a82ee28651e13ff1daeab3ee6401e899b06c1811c37396a684a2d82db2dc22c9c6f4d78569396399361f6b36f8bdf60a61fb40871e
SSDEEP

768:qD/owcXQko+k5mmjRjhk/YQZYn2n4ambRiYPTGVK7bPUZ8dS+9Wj9:qD/dko+Ymmj1hKG2O0e/Psp+k9

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Deletes itself 1 IoCs

pid	Process
742	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for modification	/dev/misc/watchdog	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	1sojsvlhpnd5imch4ac1ig3ev3sb	742	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/22cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/23cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/59cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/714cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/3cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/30cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/766cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/767cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/11cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/45cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/710cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/745cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/758cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/15cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/29cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/33cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/406cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/18cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/180cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/411cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/734cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/10cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/705cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/765cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/784cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/790cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/7cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/13cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/390cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/711cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/747cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/757cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/780cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/21cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/35cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/731cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/1cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/17cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/693cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/720cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/763cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/14cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/31cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/47cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/48cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/53cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/717cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/760cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/775cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/732cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/771cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/776cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/19cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/750cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/773cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/5cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/9cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/27cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/329cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/755cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/6cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/37cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/58cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
File opened for reading	/proc/690cmdline	a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf

/tmp/a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
/tmp/a67ab3ae7a26a965fb3c25dc014f225a094cab7aa1187fd23d01cf9b0b803e01.elf
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information
PID:742

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads