Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    09-11-2024 17:07

General

  • Target

    main_mips.elf

  • Size

    57KB

  • MD5

    a9da2c07de94b6f332246f5bf2e987b4

  • SHA1

    09e35b5eaad5663d4238a2c8762c418653c136f0

  • SHA256

    99837b4e5d6d2431a09ccdd98eda8f1cd78080a6bd8b9c7300f9210ba463257e

  • SHA512

    d84269726b5b601639afcbf29b191bba9d1baf76ace9d57d4d00ce427437e83493682098a10e5d6d4c3333ec155fdc7dd54df56dea69dced14bd967ec44b55e9

  • SSDEEP

    1536:dLYFEngSHApbLuIt6cJXIDSaepVxgF3GtkfdwVqYu:dL0EO/EAEwkfGVqYu

Score
10/10

Malware Config

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Deletes itself 1 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_mips.elf
    /tmp/main_mips.elf
    1⤵
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    • System Network Configuration Discovery
    • Writes file to tmp directory
    PID:697

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/697-1-0x00400000-0x00473cb0-memory.dmp