Analysis
-
max time kernel
122s -
max time network
3s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
29-12-2024 13:58
General
-
Target
45.200.149.186-boatnet.mips-2024-12-28T012259.elf
-
Size
23KB
-
MD5
a5146364559cb2fd33788631662d0f2f
-
SHA1
c86827ef51a1a2e25bd5538863f95ab843682a1f
-
SHA256
775001dc06bcec99a3702707759ad62655797753cc26d5fcdf10a74663c593f6
-
SHA512
df6f9197041fd57dd385aac88e83aa4b6d26a0bdb22381ae63f54571284139662819a7ccdbc2ab85c62ef11212df9a0e7c1f2bf50e705dde8aa9c6e0b5ab05ef
-
SSDEEP
384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuiYKmdzJgGlzDpH7uNj1JA5:neD8ZSWvZHZbs1row697qohQvg9YKiz9
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 2 IoCs
-
Reads runtime system information 21 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
Processes
-
/tmp/45.200.149.186-boatnet.mips-2024-12-28T012259.elf/tmp/45.200.149.186-boatnet.mips-2024-12-28T012259.elf1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
- System Network Configuration Discovery