Analysis
max time kernel: 10s
max time network: 10s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 09-11-2024 17:02
General
Target: main_x86_64
Size: 55KB
MD5: b25157b8fa8b2b42365fc4c47c3f3a90
SHA1: 7f10ffdfdab3b0a57a00f68228f6b09d8e947d92
SHA256: ea31e91663d5b3564d49cf4e55d093df807f755f488237cc0a90f9a89458335a
SHA512: e01fd4b338d9c9e412873f0ae39d53c54341f4fa8d02d16f36f87db446e181dfb0649f44a22d0a24f6bc1a66fab0e19b538c5ed6539db8efbabcc3ed36dbb059
SSDEEP: 1536:fXb4C6UCl/YX2pTFzKMZ+5QpxSukCWFrpeTiJaQJRFudh:sCQ1FO8pkXCWDeDQ9udh
Malware Config
Extracted
Family: mirai
C2: 185.78.76.132
Signatures
Mirai family

Deletes itself 1 IoCs
Processes: main_x86_64
pid | process
2514 | main_x86_64

Changes its process name 1 IoCs
Processes: main_x86_64
description | ioc | pid | process
Changes the process name, possibly in an attempt to hide itself | httpd | 2514 | main_x86_64

Processes: main_x86_64
description | ioc | process
File opened for reading | /proc/self/exe | main_x86_64

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes: main_x86_64
description | ioc | process
File opened for modification | /tmp/main_x86_64 | main_x86_64