Analysis

  • max time kernel
    149s
  • max time network
    176s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    09-11-2024 17:07

General

  • Target

    main_arm7.elf

  • Size

    70KB

  • MD5

    9bfd893516983392b92ba38d12651beb

  • SHA1

    30bdf63499a8c40de8f1cfed03f81d79c5733090

  • SHA256

    743d6ade0592d3553e65e104c7dee57f1ef4fe2a4fad83d991229db2f93ef116

  • SHA512

    f757b51b9fd3f4f3487df050e0f4da6df5c6eb362868d1b6b3e45775df11d09d395209ae3b92c02ef6acfd1d136b555aa4471af199d3e92e6782b060facc4a4f

  • SSDEEP

    1536:odxRe2zqFwekmSFW4jpVc1KRY5zSF0/BTpRFDlvG8Yle1mBQrIK:Kj5z7mH4jDwSYn/Jz/HYl7Qr

Score
10/10

Malware Config

Extracted

Family

mirai

C2

185.78.76.132

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Deletes itself 1 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm7.elf
    /tmp/main_arm7.elf
    1⤵
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    • Writes file to tmp directory
    PID:661

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/661-1-0x00008000-0x000329ec-memory.dmp