Analysis

  • max time kernel
    0s
  • max time network
    184s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    09-11-2024 03:46

General

  • Target

    da6882e8935833f15c895f722470b2f1c816cb5f55f5c3322e2d6bf7797a8d16.elf

  • Size

    51KB

  • MD5

    1120d481dbb12b252be3abb8d2e80449

  • SHA1

    cafdb73b3f4a5846624374151dda3f9262d56969

  • SHA256

    da6882e8935833f15c895f722470b2f1c816cb5f55f5c3322e2d6bf7797a8d16

  • SHA512

    3a339973b1ba20fb251173c865011d83318c0387ee6fe8c8731e7405d9b9a0f9d4fd6b003a8b74e44041e760b1c06d9640920d3eb46f59715a400898e9d27d7f

  • SSDEEP

    1536:lO+7HIS0LceoVUTJHvzKLNOHaKdQtt7EYG:lOuH8qKJ2Lk6h3G

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/da6882e8935833f15c895f722470b2f1c816cb5f55f5c3322e2d6bf7797a8d16.elf
    • Reads runtime system information
    PID:704

Network

MITRE ATT&CK Matrix

Downloads

  • memory/704-1-0x00008000-0x000297a4-memory.dmp