mirai | 4a4474a76f2c39217c3a2ff772bb0f6e00cc79e20063b5a0e70eb7f0115416d4

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
01/01/2025, 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

B_Y_T_E_x86_64.elf
Size

33KB
MD5

3481a304ba793807dac65c12611502b1
SHA1

31becbb26968b26e4880146150183ff3098f9867
SHA256

4a4474a76f2c39217c3a2ff772bb0f6e00cc79e20063b5a0e70eb7f0115416d4
SHA512

c1a4c4903dfee0d46458536d3d97c3e1650a66391e19d45feff04fbcff3264a237a63a6304a1b51bc20dc52443b6fb40e6fb8a84415c0a36afa26d5caef86274
SSDEEP

768:75qcGqEgnXdUyob7iQLY1Ptw6WRZ7550imFXTNXAVPIy0Rsn:7AcFnXeiNuX553EBwVL0Wn

Score

10^/10

mirai botnet discovery

Malware Config

Extracted

Family

mirai

ssffsdfssdfsdfsf.n-e.kr

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai
Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	2524	B_Y_T_E_x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/590/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/741/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1988/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2579/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2775/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/10/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/16/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2671/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2677/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2720/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2769/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2772/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2817/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/13/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/199/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1942/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2119/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2349/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2642/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2700/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/9/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/43/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/787/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2150/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2665/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2846/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1823/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2922/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2965/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/197/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/275/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/417/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1396/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1711/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2547/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2749/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/23/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1831/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2241/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2748/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2839/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2888/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1071/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1749/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2554/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2712/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2792/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2899/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/357/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1928/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1975/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2852/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/5/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2685/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2937/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/24/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/45/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/511/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2532/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2740/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/432/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2628/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/1964/cmdline	B_Y_T_E_x86_64.elf
File opened for reading	/proc/2815/cmdline	B_Y_T_E_x86_64.elf

/tmp/B_Y_T_E_x86_64.elf
/tmp/B_Y_T_E_x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:2524

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads