Analysis
-
max time kernel
64s -
max time network
133s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
31-01-2025 04:21
General
-
Target
ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf
-
Size
83KB
-
MD5
8c6e6dc4f224e20117ff59bdf8fe79bf
-
SHA1
9dc4b87c2a0762e8aa969c4ef6ebd52c52a4a5eb
-
SHA256
ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867
-
SHA512
519b7a62010b422135077c7900b3590a381d701c789ff9c4ad45d091ec1b657d29d61fb2037f4a5113a63e2b05fb3bad25e61d136dd54a4347059c6f5dab299e
-
SSDEEP
1536:GTqRR2Rm+KCVWMLN3kHEIbAjp6gaDMQc1DI1MwUwl4jz1uhOTo8DBDYTIIM:62Rgm+H1LN27bAFNagQc1s2wUwo1uhOH
Malware Config
Extracted
mirai
UNSTABLE
dkdrlahhwlxptmxm2.p-e.kr
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
File and Directory Permissions Modification 1 TTPs 4 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 44 IoCs
-
Creates/modifies Cron job 1 TTPs 44 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables 1 TTPs 3 IoCs
Creating/modifying environment variables is a common persistence mechanism.
-
Modifies init.d 2 TTPs 1 IoCs
Adds/modifies system service, likely for persistence.
-
Modifies rc script 2 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
-
Modifies systemd 2 TTPs 1 IoCs
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Writes file to system bin folder 1 IoCs
-
Modifies Bash startup script 2 TTPs 3 IoCs
-
Reads runtime system information 46 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 44 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf1⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filenISzvg/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file2sAVof/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file5sxual/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileJTAZ4R/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file1OkePG/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileHHairg/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filejm90o2/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileqMQgNn/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileAWSZQA/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filerbTviK/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filebMEmrf/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filec4Utf7/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileyoXFys/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filegj4uEM/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileY4G4NT/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileCtliVr/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filekKa1D7/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileC86F7l/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileRLK6lB/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileSQBen5/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file3phePm/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileOMZcn8/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileNwMyLP/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filetkOzDe/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filetIPbWB/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file0FCJDG/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileWDO9me/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filewLHQtf/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filewFGopI/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileHQpz5C/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileIqqRp1/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file8HPUQ2/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filek6XUU3/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filehaZEyr/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileJh5fCj/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file0HK4az/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileW4p3EV/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileXnPjCv/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf39⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileWGVg1E/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf40⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file7nNhgY/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf41⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file8k1sbi/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf42⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileMhS24H/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf43⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileJ56vDb/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf44⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filemPSLCh/tmp/ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867.elf45⤵
- Creates/modifies environment variables
- Modifies init.d
- Modifies rc script
- Modifies systemd
- Modifies Bash startup script
-
/bin/shsh -c "chmod +x /etc/systemd/system/holdservice.service"46⤵
- File and Directory Permissions Modification
-
/usr/bin/chmodchmod +x /etc/systemd/system/holdservice.service47⤵
- File and Directory Permissions Modification
-
-
-
/bin/shsh -c "systemctl enable holdservice.service"46⤵
-
/usr/bin/systemctlsystemctl enable holdservice.service47⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "systemctl start holdservice.service"46⤵
-
/usr/bin/systemctlsystemctl start holdservice.service47⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "chmod +x /etc/init.d/holdservice"46⤵
- File and Directory Permissions Modification
-
/usr/bin/chmodchmod +x /etc/init.d/holdservice47⤵
- File and Directory Permissions Modification
-
-
-
/bin/shsh -c "ln -s /etc/init.d/holdservice /etc/rc.d/"46⤵
-
/usr/bin/lnln -s /etc/init.d/holdservice /etc/rc.d/47⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4XDG Autostart Entries
1Boot or Logon Initialization Scripts
2RC Scripts
2Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
4XDG Autostart Entries
1Boot or Logon Initialization Scripts
2RC Scripts
2Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD53f006f7f81fc17be7f4a0d3da0fad5de
SHA197a94d3d0654c6551057af3809b52572bd7f9f5d
SHA256982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf
SHA51297d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0
-
Filesize
65B
MD541b39ed660fe33c346fa00893db8b64c
SHA18b84df9e45ce6bbb30cb4fdda96cc505059a2cf5
SHA256cf68147cb6f1d00f50cd767d6e7f18a885089bf0477eaa303b3f7bb3efc886e9
SHA512e16a400384c2b859e370974f472a0d44effcabc72ec2c03e7fc2160308aefee928c3bbc3a812c65a4155026607323bb75316fb92d7177b4d4b709f0a7e48ca32
-
Filesize
211B
MD5a64afd09e9ba88dca938e67aa4fd08e1
SHA1328fc42c946e603cecf25c247ecf791d83a241e5
SHA256b51f1c9ea38f7edb6620b26a52092f2f7e3448b284fafa40cc9d9369a41dc119
SHA5128a7761bf668ca040d4ced00effcc891f204e0cef96936784251c46351bacfa426d91dd8c5736d35f87d1db8fedbe1188eac92082d92f8afa4e00afd9351ff88a
-
Filesize
54B
MD5e063225b21707bd2d33b82a80d6ce6e6
SHA15ed3df211dd5dec270253d50015a6fd76327dd40
SHA256e9c0e95c2ad32c0d5bdd3d31c3c60baee5a1f9d4fb575b8cb5557feaf8e067d0
SHA5124fb9714be5daa59545b2e476534d929923c571ca7a4a35b5a21d5ea4616ed093ab38b68ef50b20000e95a07567c2b032a466081ea2ec7270dd75c9c6b951f0bd
-
Filesize
75KB
MD5b1488f690c3c040ed55319c7984cb6cb
SHA11a1e939efcda411ab7c03d1e20a18147ab614ebc
SHA256bae897ba53659ac7cb0c8a62003296dfb54b1078d9c24abbfdc3eea1edf44121
SHA51221e58b5e7b858d43644e17679635b9d73b2974314dfb8255af84677f66c2dea771a71f6b3d229dc983e1e1e45e642de10399f44be42ffe806de9bca2a75cf694
-
Filesize
83KB
MD58c6e6dc4f224e20117ff59bdf8fe79bf
SHA19dc4b87c2a0762e8aa969c4ef6ebd52c52a4a5eb
SHA256ae57550d71ebf3957a2221f0b9cf58cfe8a119ef8f8ca4ab4c839aa3b3424867
SHA512519b7a62010b422135077c7900b3590a381d701c789ff9c4ad45d091ec1b657d29d61fb2037f4a5113a63e2b05fb3bad25e61d136dd54a4347059c6f5dab299e