Analysis
max time kernel: 149s
max time network: 150s
platform: debian-9_armhf
resource: debian9-armhf-20240418-en
resource tags: arch:armhf, image:debian9-armhf-20240418-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 09-11-2024 17:07
General
Target: main_arm.elf
Size: 52KB
MD5: eab6d2fd90038d865256e34819598c47
SHA1: 87d48014d583424ce95ba8f7121a7c3c92aa68ac
SHA256: 91037143583850ef6265d18badb394486086c73be7de118df1c065c2df439314
SHA512: 1817bf88f23a7b79b38cc72a08b1d5462656ae5a1d7be01c5c9b61e552c4d559de36f5009c5292b677d6e7b88664df50452a61a0757c06e5567881e4d4f23377
SSDEEP: 768:cxq5oYH1K/bObGwBcK84N5QLdXaIf6KqJ+ZsRp7HdMHAiOUl3EOY4PTnJQoiMRxU:8jnBWDNbKqJZRNEOUlLPTJg0m8jUs9Y
Malware Config
Extracted
Family: mirai
C2: 185.78.76.132
Signatures
Mirai family
Deletes itself (1 IoC)
Processes:
  pid: 637, process: main_arm.elf
Changes its process name (1 IoC)
Processes:
  description: Changes the process name, possibly in an attempt to hide itself; ioc: httpd; pid: 637; process: main_arm.elf
Processes:
  description: File opened for reading; ioc: /proc/self/exe; process: main_arm.elf
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
Processes:
  description: File opened for modification; ioc: /tmp/main_arm.elf (deleted); process: main_arm.elf