Analysis

  • max time kernel
    10s
  • max time network
    10s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    09-11-2024 17:02

General

  • Target

    main_x86_64

  • Size

    55KB

  • MD5

    b25157b8fa8b2b42365fc4c47c3f3a90

  • SHA1

    7f10ffdfdab3b0a57a00f68228f6b09d8e947d92

  • SHA256

    ea31e91663d5b3564d49cf4e55d093df807f755f488237cc0a90f9a89458335a

  • SHA512

    e01fd4b338d9c9e412873f0ae39d53c54341f4fa8d02d16f36f87db446e181dfb0649f44a22d0a24f6bc1a66fab0e19b538c5ed6539db8efbabcc3ed36dbb059

  • SSDEEP

    1536:fXb4C6UCl/YX2pTFzKMZ+5QpxSukCWFrpeTiJaQJRFudh:sCQ1FO8pkXCWDeDQ9udh

Score
10/10

Malware Config

Extracted

Family

mirai

C2

185.78.76.132

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Deletes itself (1 IoC)
  • Changes its process name (1 IoC)
  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_x86_64
    /tmp/main_x86_64
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    • Writes file to tmp directory
    PID:2514

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2514-1-0x0000000000400000-0x000000000052ce60-memory.dmp