Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240418-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    09-11-2024 17:07

General

  • Target

    main_arm.elf

  • Size

    52KB

  • MD5

    eab6d2fd90038d865256e34819598c47

  • SHA1

    87d48014d583424ce95ba8f7121a7c3c92aa68ac

  • SHA256

    91037143583850ef6265d18badb394486086c73be7de118df1c065c2df439314

  • SHA512

    1817bf88f23a7b79b38cc72a08b1d5462656ae5a1d7be01c5c9b61e552c4d559de36f5009c5292b677d6e7b88664df50452a61a0757c06e5567881e4d4f23377

  • SSDEEP

    768:cxq5oYH1K/bObGwBcK84N5QLdXaIf6KqJ+ZsRp7HdMHAiOUl3EOY4PTnJQoiMRxU:8jnBWDNbKqJZRNEOUlLPTJg0m8jUs9Y

Score
10/10

Malware Config

Extracted

Family

mirai

C2

185.78.76.132

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Deletes itself 1 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm.elf
    /tmp/main_arm.elf
    1⤵
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    • Writes file to tmp directory
    PID:637

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/637-1-0x00008000-0x00038434-memory.dmp