Analysis
max time kernel: 149s
max time network: 153s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 09-11-2024 17:07
General
Target: main_arm5.elf
Size: 51KB
MD5: 3daf9a14ffe954173a1b7cb766855824
SHA1: b16cdb1f1dfced4d5c29a6c20b0be469f8fb465d
SHA256: 4f8e71a72f44cc8b114cc5123d8233fc583474f6ba120ed1d9cc2e219c9e6349
SHA512: b5430bfede5024aacd4e138dcfd9a8bac0c324ddd032ff48e1f88bc22e1c0eeb007e702f24f0d0d50424c37418cc741625acaaee5ff82dd6bf4c196ae444e19f
SSDEEP: 1536:Bw58wAEL7w1GZPrVyovh7ex13OaE034hN:Bw5/LiaVDIn9oP
Malware Config (Extracted)
Family: mirai
C2: 185.78.76.132
Signatures

- Mirai family

- Deletes itself (1 IoC)
  Processes: main_arm5.elf
    pid   process
    650   main_arm5.elf

- Changes its process name (1 IoC)
  Processes: main_arm5.elf
    description                                                        ioc     pid   process
    Changes the process name, possibly in an attempt to hide itself    httpd   650   main_arm5.elf

- Processes: main_arm5.elf
    description                 ioc               process
    File opened for reading     /proc/self/exe    main_arm5.elf

- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  Processes: main_arm5.elf
    description                      ioc                   process
    File opened for modification     /tmp/main_arm5.elf    main_arm5.elf