Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    09-11-2024 17:07

General

  • Target

    main_arm6.elf

  • Size

    57KB

  • MD5

    af82f40efc9aa746ae4b44ce4eabc15d

  • SHA1

    8c1a29cad5dbd8da92cf149508ec6393edef6d27

  • SHA256

    dd1b7a1bbc8ad56c263fd120d5897348cc5b528018698c74a322f70e5bd7b18b

  • SHA512

    f45334e0eff4974b4af92267b26cc5f3704149b10ffc5e0e8c39a497b80134e07d8e7920b56a733f66d791ffc574683b98dab85e37a2def5a4727edbad813ecd

  • SSDEEP

    768:lXDmtYu6C4m575J/Hpeq4voit0Dfss5LhK0kURgyrfCaTtENA0dnyL6Q67V7q3Ut:lqtP6C9NpQjt0Dfl1w7OgScNe6R72e

Score
10/10

Malware Config

Extracted

Family

mirai

C2

185.78.76.132

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/main_arm6.elf
    /tmp/main_arm6.elf
    • Reads runtime system information
    PID:652

Network

MITRE ATT&CK Matrix

Downloads

  • memory/652-1-0x00008000-0x0003b5bc-memory.dmp