Analysis
max time kernel: 149s
max time network: 176s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 09-11-2024 17:07
General
Target: main_arm7.elf
Size: 70KB
MD5: 9bfd893516983392b92ba38d12651beb
SHA1: 30bdf63499a8c40de8f1cfed03f81d79c5733090
SHA256: 743d6ade0592d3553e65e104c7dee57f1ef4fe2a4fad83d991229db2f93ef116
SHA512: f757b51b9fd3f4f3487df050e0f4da6df5c6eb362868d1b6b3e45775df11d09d395209ae3b92c02ef6acfd1d136b555aa4471af199d3e92e6782b060facc4a4f
SSDEEP: 1536:odxRe2zqFwekmSFW4jpVc1KRY5zSF0/BTpRFDlvG8Yle1mBQrIK:Kj5z7mH4jDwSYn/Jz/HYl7Qr
Malware Config
Extracted
Family: mirai
C2: 185.78.76.132
Signatures
- Mirai family
- Deletes itself (1 IoCs)
  Processes:
  main_arm7.elf
    pid  process
    661  main_arm7.elf
- Changes its process name (1 IoCs)
  Processes:
  main_arm7.elf
    description                                                      ioc    pid  process
    Changes the process name, possibly in an attempt to hide itself  httpd  661  main_arm7.elf
- Processes:
  main_arm7.elf
    description              ioc             process
    File opened for reading  /proc/self/exe  main_arm7.elf
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  Processes:
  main_arm7.elf
    description                   ioc                 process
    File opened for modification  /tmp/main_arm7.elf  main_arm7.elf