mirai | 23b7d13eac7a7440b4d7c8ef07d8bb77346be4edd58d659bb7a05aa551295bf9

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
30-12-2024 01:18

Target

.Sx86_64.elf
Size

33KB
MD5

81a79191b66811aab9fc1fba72f6b09d
SHA1

76b03ebcc6a07f5bba4caac7d35cb2d8cd60f35b
SHA256

23b7d13eac7a7440b4d7c8ef07d8bb77346be4edd58d659bb7a05aa551295bf9
SHA512

66e356ab9490aec7d4ce1f2e5eccb06f593cfaf0a415f6f92333b49ad26801be5f317becba77859dab50f296a29d41ace90417915d3a918c4d5ed88cfb5c204a
SSDEEP

768:CSZt5YsWGQLgseUBsjg5TUQt2MDxImC82/SJiuh1qUv7KnYWgEixWb8rx0I4:CSZt5vWGQMseUBsjgxhkmEQDKRgEixkT

Score

10^/10

Family

mirai

e.xijinping.mov

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Deletes itself 1 IoCs

pid	Process
2451	.Sx86_64.elf

Traces itself 1 IoCs

Traces itself to prevent debugging attempts

pid	Process
2451	.Sx86_64.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	.Sx86_64.elf
File opened for modification	/bin/watchdog	.Sx86_64.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/var/Sofia	2451	.Sx86_64.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/2453/fd	.Sx86_64.elf

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/��	.Sx86_64.elf
File opened for modification	/tmp/��	.Sx86_64.elf