Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    09-11-2024 17:07

General

  • Target

    main_arm5.elf

  • Size

    51KB

  • MD5

    3daf9a14ffe954173a1b7cb766855824

  • SHA1

    b16cdb1f1dfced4d5c29a6c20b0be469f8fb465d

  • SHA256

    4f8e71a72f44cc8b114cc5123d8233fc583474f6ba120ed1d9cc2e219c9e6349

  • SHA512

    b5430bfede5024aacd4e138dcfd9a8bac0c324ddd032ff48e1f88bc22e1c0eeb007e702f24f0d0d50424c37418cc741625acaaee5ff82dd6bf4c196ae444e19f

  • SSDEEP

    1536:Bw58wAEL7w1GZPrVyovh7ex13OaE034hN:Bw5/LiaVDIn9oP

Score
10/10

Malware Config

Extracted

Family

mirai

C2

185.78.76.132

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Deletes itself 1 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm5.elf
    /tmp/main_arm5.elf
    1⤵
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    • Writes file to tmp directory
    PID:650

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/650-1-0x00008000-0x00037834-memory.dmp