mirai | 4e26e5271b9eeaddec3969bfc3c20f4b348b2b02e1ed076471f46096ad62c5f6

Analysis

max time kernel
144s
max time network
160s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-12-2024 01:19

Target

.Sarm7.elf
Size

56KB
MD5

4717d4355735701317c8ed18eda475c5
SHA1

0f9f3434b80f309d77406d9498a99f1781c82094
SHA256

4e26e5271b9eeaddec3969bfc3c20f4b348b2b02e1ed076471f46096ad62c5f6
SHA512

46b88ecffa655f6698e3ef9f85e29809fb301e1bb57663ef89e1cf470fe19d719c3460dd324a56e2b7a39da2882a16c570efb4668e263bf4f07b34e9674e1552
SSDEEP

1536:DCKWfy1sazvsUJO5f8knJzRU/hEnLeGg1tqW0xfbAMOARS:Zara/JO5ftnUpEnLeGAkWUjJ7S

Score

10^/10

Family

mirai

e.xijinping.mov

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Deletes itself 1 IoCs

pid	Process
652	.Sarm7.elf

Traces itself 1 IoCs

Traces itself to prevent debugging attempts

pid	Process
652	.Sarm7.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	.Sarm7.elf
File opened for modification	/bin/watchdog	.Sarm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/var/Sofia	652	.Sarm7.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	.Sarm7.elf

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/��	.Sarm7.elf
File opened for modification	/tmp/��	.Sarm7.elf