mirai | e96461fd749ff92a3fa39ecdff5f703df6550a2e67bea4832f6db2464a067909 | Triage

Analysis

max time kernel
1s
max time network
150s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
01-11-2024 14:07

Sharing

Report Analysis Logs

General

Target

dlr.arm6.elf
Size

1KB
MD5

168fe49d36ec727890a525614aad6e5e
SHA1

8d78fcebf1bc6d2aa4f1b309156bf9bd818a022b
SHA256

e96461fd749ff92a3fa39ecdff5f703df6550a2e67bea4832f6db2464a067909
SHA512

d0dd1037e6f6f271551dfe8a2711eeb8b801e8742fa6c3d37a79eb29da7ee523069eda2f2932e2e526cbaa9a4fd48bdb4eab74eb5787192f77fb8cc6f125ecfb

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

dlr.arm6.elf

description ioc process

File opened for modification /tmp/byte dlr.arm6.elf

/tmp/dlr.arm6.elf
/tmp/dlr.arm6.elf
1⤵
- Writes file to tmp directory
PID:708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/byte

Filesize
86KB

MD5
a43e9fc94b44146457050c47e96a4818

SHA1
dd40abb18bda7ba3bb222515aa06d7e29525548f

SHA256
de137a2b6427df64a6227b2e4af5649e17f02ac4e5b873eea574a6044af8d18d

SHA512
c80bfa9d13e0eb3ae7a73890a474956cec8f01da5af99095109bc2c5c6d1c99e8e89993151a6b71575ebbf28de24fe3da830b2055e7b972bc0dcb501ef584970

Download Submit