Analysis
-
max time kernel
150s -
max time network
11s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
03/12/2024, 01:26
General
-
Target
2ab0f50820059008d2bd413b4a7f06c750068cdb6c5aa46c25014737e816556d.elf
-
Size
23KB
-
MD5
91a7c9ac29f42e0f5ecd076c726bd47a
-
SHA1
6a2cb62a3a3e2bae6023a4b97585dff4d44bf4d4
-
SHA256
2ab0f50820059008d2bd413b4a7f06c750068cdb6c5aa46c25014737e816556d
-
SHA512
dd093cc840a421a935df23b86bae9b33ef69f901cb3eeddd60d9f693dc57a52036ab6e7b6f1c97d303a5c78d1b1fbe1aa99e0bf1db10a64a3a9bd0db92c5481c
-
SSDEEP
384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuimmdzJgGlzDpH7uNj1JA4U:neD8ZSWvZHZbs1row697qohQvg9mizJb
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 2 IoCs
-
Reads runtime system information 28 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/2ab0f50820059008d2bd413b4a7f06c750068cdb6c5aa46c25014737e816556d.elf/tmp/2ab0f50820059008d2bd413b4a7f06c750068cdb6c5aa46c25014737e816556d.elf1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information