Analysis
max time kernel: 122s
max time network: 152s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 09-02-2025 10:06
Behavioral task: behavioral1
Sample: Hgf.mips.elf
Resource: debian9-mipsbe-20240611-en

General
Target: Hgf.mips.elf
Size: 26KB
MD5: e1b2e0490dadd99532976573fae2bed1
SHA1: 4729b1bc4958a7436ccc12f58639019bad6f01f3
SHA256: f23f399f85f41d5971445cdf5866701b8dfe01f64c4ea033635aa69f5ce0cfed
SHA512: d6753625abda9d5fd228262d7352bff2d1aa0f64d296e0398ff980c59f2ea90a1a37d3302cc6303c31bd897d534d86d1b5a30ff7d8924c8ecd7316dc08277c2f
SSDEEP: 768:qI6U6Wx9Jk9bhLnPsrWNnWBsJgGlzDpUYswX:dcwHk1JU+WBkVqYXX

Malware Config
Extracted: mirai
BOTNET
Signatures
- Mirai family
- Contacts a large number (60903) of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services. For a Mirai sample this is the built-in scanner probing for new victims; the per-host connection count, not any single flow, is the signal.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the watchdog to prevent it from restarting an infected system. The Mirai source opens the watchdog device node and issues the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD, so the hardware watchdog does not reboot a device the bot has stopped feeding. Both device paths below are tried because embedded firmwares place the node differently.
  description | ioc | process
  File opened for modification | /dev/watchdog | Hgf.mips.elf
  File opened for modification | /dev/misc/watchdog | Hgf.mips.elf
- Enumerates running processes
  Discovers information about currently running processes on the system. Mirai's killer routine walks /proc reading each process's cmdline (and its own maps and exe) to find and terminate competing bots and to guard its own image.
  description | ioc | process
  File opened for reading | /proc/<pid>/cmdline for pids 1-9, 11-19, 22, 24, 36, 37, 66, 68-72, 76-78, 105, 115, 116, 145, 151, 168, 204, 227, 305, 306, 308, 326, 330, 360, 363, 374, 655, 665, 666, 679, 694, 695, 697, 699, 700, 705, 708, 751, 764, 768, 776 | Hgf.mips.elf
  File opened for reading | /proc/self/maps | Hgf.mips.elf
  File opened for reading | /proc/self/exe | Hgf.mips.elf
- Changes its process name (1 IoC)
  description | ioc | pid | process
  Changes the process name, possibly in an attempt to hide itself | /var/Sofia | 702 | Hgf.mips.elf
  The chosen name is not random: Sofia is the main application process on many XiongMai-based DVR/IP-camera firmwares, so the bot blends into a process list on exactly the device class it targets. The rename is visible in /proc/702/cmdline and comm; /proc/702/exe still resolves to the original binary.
- System Network Configuration Discovery (1 TTP, 1 IoC)
  Adversaries may gather information about the network configuration of a system.
  pid | process
  702 | Hgf.mips.elf
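The watchdog and process-name IoCs above can be checked on a live host from /proc alone: an open fd on a watchdog device node, and a cmdline argv[0] that does not match the binary /proc/<pid>/exe points to. The following is an added example, not code from the sandbox report or from Mirai; the /proc tree it builds is constructed to mirror the report (pid 702 renamed to /var/Sofia holding /dev/watchdog, pid 1 as a benign init), and the pid and path values in it are assumptions for illustration.

```python
"""Host triage for two of the behaviours in the report above: a process that
holds the watchdog device open and a process whose argv[0] (as shown in
/proc/<pid>/cmdline) does not match the binary /proc/<pid>/exe points to.
Added example, not part of the sandbox report; run scan_proc() against the
real /proc as root, or against the constructed tree from build_sample_tree()."""
import os
import tempfile

# Device nodes Mirai opens before issuing WDIOC_SETOPTIONS/WDIOS_DISABLECARD.
WATCHDOG_NODES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}


def _read_bytes(path):
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:  # process exited, or no permission (exe needs ptrace access)
        return b""


def _readlink(path):
    try:
        return os.readlink(path)
    except OSError:
        return ""


def scan_proc(proc="/proc"):
    """Walk a /proc-style tree and return (pid, finding, detail) tuples."""
    findings = []
    for entry in sorted(os.listdir(proc)):
        if not entry.isdigit():
            continue
        pid, base = int(entry), os.path.join(proc, entry)

        # Finding 1: an fd on the watchdog device. Mirai keeps it open for
        # the lifetime of the bot, so it shows up under /proc/<pid>/fd.
        fd_dir = os.path.join(base, "fd")
        fds = os.listdir(fd_dir) if os.path.isdir(fd_dir) else []
        for fd in fds:
            target = _readlink(os.path.join(fd_dir, fd))
            if target in WATCHDOG_NODES:
                findings.append((pid, "watchdog_open", target))

        # Finding 2: argv[0] rewritten. cmdline is NUL-separated; exe is a
        # symlink to the executable, suffixed " (deleted)" if it was unlinked.
        argv0 = _read_bytes(os.path.join(base, "cmdline")).split(b"\0")[0]
        argv0 = argv0.decode("utf-8", "replace")
        exe = _readlink(os.path.join(base, "exe")).replace(" (deleted)", "")
        if argv0 and exe and os.path.basename(argv0) != os.path.basename(exe):
            findings.append((pid, "argv0_mismatch", f"{argv0} != {exe}"))
    return findings


def build_sample_tree():
    """Constructed /proc snapshot modelled on the report (not captured data):
    pid 702 is the sample after renaming itself /var/Sofia and opening
    /dev/watchdog; pid 1 is a benign init. Paths and fd numbers are assumed."""
    root = tempfile.mkdtemp(prefix="fakeproc_")

    def add(pid, argv, exe, fds):
        d = os.path.join(root, str(pid))
        os.makedirs(os.path.join(d, "fd"))
        with open(os.path.join(d, "cmdline"), "wb") as f:
            f.write(b"".join(a.encode() + b"\0" for a in argv))
        os.symlink(exe, os.path.join(d, "exe"))
        for n, target in fds.items():
            os.symlink(target, os.path.join(d, "fd", str(n)))

    add(1, ["/sbin/init"], "/sbin/init", {0: "/dev/null"})
    add(702, ["/var/Sofia"], "/tmp/Hgf.mips.elf (deleted)",
        {3: "/dev/watchdog", 4: "socket:[4242]"})
    return root


if __name__ == "__main__":
    for pid, kind, detail in scan_proc(build_sample_tree()):
        print(f"pid {pid}: {kind}: {detail}")
```

Treat the argv[0] mismatch as a triage signal, not a verdict: interpreters (argv[0] "python" with exe python3.x), busybox applets and login shells ("-sh") all trigger it legitimately, and on a real host reading another user's /proc/<pid>/exe requires root or CAP_SYS_PTRACE, so unreadable processes are silently skipped. The watchdog finding is stronger, but a legitimate watchdog daemon also holds the node open, so confirm which binary owns the fd before acting.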