Analysis
-
max time kernel
123s -
max time network
152s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips
image:debian9-mipsbe-20240611-en
kernel:4.9.0-13-4kc-malta
locale:en-us
os:debian-9-mips
system -
submitted
09-02-2025 10:11
Behavioral task
behavioral1
Sample
Hgf.mips.elf
Resource
debian9-mipsbe-20240611-en
General
-
Target
Hgf.mips.elf
-
Size
26KB
-
MD5
e1b2e0490dadd99532976573fae2bed1
-
SHA1
4729b1bc4958a7436ccc12f58639019bad6f01f3
-
SHA256
f23f399f85f41d5971445cdf5866701b8dfe01f64c4ea033635aa69f5ce0cfed
-
SHA512
d6753625abda9d5fd228262d7352bff2d1aa0f64d296e0398ff980c59f2ea90a1a37d3302cc6303c31bd897d534d86d1b5a30ff7d8924c8ecd7316dc08277c2f
-
SSDEEP
768:qI6U6Wx9Jk9bhLnPsrWNnWBsJgGlzDpUYswX:dcwHk1JU+WBkVqYXX
Malware Config
Extracted
mirai
BOTNET
Signatures
-
Mirai family
-
Contacts a large (61377) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | Hgf.mips.elf
File opened for modification | /dev/misc/watchdog | Hgf.mips.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
description | ioc | Process
File opened for reading | /proc/20/cmdline | Hgf.mips.elf
File opened for reading | /proc/70/cmdline | Hgf.mips.elf
File opened for reading | /proc/702/cmdline | Hgf.mips.elf
File opened for reading | /proc/4/cmdline | Hgf.mips.elf
File opened for reading | /proc/6/cmdline | Hgf.mips.elf
File opened for reading | /proc/18/cmdline | Hgf.mips.elf
File opened for reading | /proc/37/cmdline | Hgf.mips.elf
File opened for reading | /proc/372/cmdline | Hgf.mips.elf
File opened for reading | /proc/468/cmdline | Hgf.mips.elf
File opened for reading | /proc/2/cmdline | Hgf.mips.elf
File opened for reading | /proc/11/cmdline | Hgf.mips.elf
File opened for reading | /proc/23/cmdline | Hgf.mips.elf
File opened for reading | /proc/36/cmdline | Hgf.mips.elf
File opened for reading | /proc/69/cmdline | Hgf.mips.elf
File opened for reading | /proc/153/cmdline | Hgf.mips.elf
File opened for reading | /proc/369/cmdline | Hgf.mips.elf
File opened for reading | /proc/7/cmdline | Hgf.mips.elf
File opened for reading | /proc/15/cmdline | Hgf.mips.elf
File opened for reading | /proc/76/cmdline | Hgf.mips.elf
File opened for reading | /proc/707/cmdline | Hgf.mips.elf
File opened for reading | /proc/72/cmdline | Hgf.mips.elf
File opened for reading | /proc/74/cmdline | Hgf.mips.elf
File opened for reading | /proc/78/cmdline | Hgf.mips.elf
File opened for reading | /proc/156/cmdline | Hgf.mips.elf
File opened for reading | /proc/673/cmdline | Hgf.mips.elf
File opened for reading | /proc/676/cmdline | Hgf.mips.elf
File opened for reading | /proc/696/cmdline | Hgf.mips.elf
File opened for reading | /proc/10/cmdline | Hgf.mips.elf
File opened for reading | /proc/384/cmdline | Hgf.mips.elf
File opened for reading | /proc/699/cmdline | Hgf.mips.elf
File opened for reading | /proc/self/exe | Hgf.mips.elf
File opened for reading | /proc/13/cmdline | Hgf.mips.elf
File opened for reading | /proc/19/cmdline | Hgf.mips.elf
File opened for reading | /proc/320/cmdline | Hgf.mips.elf
File opened for reading | /proc/810/cmdline | Hgf.mips.elf
File opened for reading | /proc/8/cmdline | Hgf.mips.elf
File opened for reading | /proc/17/cmdline | Hgf.mips.elf
File opened for reading | /proc/81/cmdline | Hgf.mips.elf
File opened for reading | /proc/697/cmdline | Hgf.mips.elf
File opened for reading | /proc/12/cmdline | Hgf.mips.elf
File opened for reading | /proc/338/cmdline | Hgf.mips.elf
File opened for reading | /proc/777/cmdline | Hgf.mips.elf
File opened for reading | /proc/73/cmdline | Hgf.mips.elf
File opened for reading | /proc/318/cmdline | Hgf.mips.elf
File opened for reading | /proc/668/cmdline | Hgf.mips.elf
File opened for reading | /proc/703/cmdline | Hgf.mips.elf
File opened for reading | /proc/5/cmdline | Hgf.mips.elf
File opened for reading | /proc/14/cmdline | Hgf.mips.elf
File opened for reading | /proc/82/cmdline | Hgf.mips.elf
File opened for reading | /proc/675/cmdline | Hgf.mips.elf
File opened for reading | /proc/677/cmdline | Hgf.mips.elf
File opened for reading | /proc/701/cmdline | Hgf.mips.elf
File opened for reading | /proc/3/cmdline | Hgf.mips.elf
File opened for reading | /proc/22/cmdline | Hgf.mips.elf
File opened for reading | /proc/75/cmdline | Hgf.mips.elf
File opened for reading | /proc/122/cmdline | Hgf.mips.elf
File opened for reading | /proc/1/cmdline | Hgf.mips.elf
File opened for reading | /proc/21/cmdline | Hgf.mips.elf
File opened for reading | /proc/77/cmdline | Hgf.mips.elf
File opened for reading | /proc/self/maps | Hgf.mips.elf
File opened for reading | /proc/340/cmdline | Hgf.mips.elf
File opened for reading | /proc/710/cmdline | Hgf.mips.elf
File opened for reading | /proc/9/cmdline | Hgf.mips.elf
File opened for reading | /proc/16/cmdline | Hgf.mips.elf
-
Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /var/Sofia | 704 | Hgf.mips.elf
-
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
pid | Process
704 | Hgf.mips.elf
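As an added example, not part of this report and not the sandbox's own signature engine, the following Python scorer reads IoC rows in the shape shown in the tables above (description, ioc, process) and re-derives the three host-side findings for this sample: the watchdog device nodes opened for modification, the sweep of /proc/<pid>/cmdline across many pids, and the process rename to /var/Sofia. The sample rows are constructed to mirror the report (a subset of its 64 reads plus one unrelated row); the watchdog path list, the enumeration threshold and all function names are my own assumptions.

```python
"""Score Triage-style IoC rows for the host-side Mirai behaviours flagged in
this report.  Added example: not the sandbox's signature engine and not the
sample's code.  Row shapes, path list, threshold and names are assumptions."""
import json
import re

# Rows constructed to mirror the report's IoC tables (a subset of the 64
# /proc reads).  The /etc/resolv.conf row is constructed noise, not from the
# report, included to show that unrelated reads are ignored.
SAMPLE_IOCS = [
    "File opened for modification /dev/watchdog Hgf.mips.elf",
    "File opened for modification /dev/misc/watchdog Hgf.mips.elf",
    "File opened for reading /proc/1/cmdline Hgf.mips.elf",
    "File opened for reading /proc/2/cmdline Hgf.mips.elf",
    "File opened for reading /proc/3/cmdline Hgf.mips.elf",
    "File opened for reading /proc/20/cmdline Hgf.mips.elf",
    "File opened for reading /proc/70/cmdline Hgf.mips.elf",
    "File opened for reading /proc/702/cmdline Hgf.mips.elf",
    "File opened for reading /proc/810/cmdline Hgf.mips.elf",
    "File opened for reading /proc/self/exe Hgf.mips.elf",
    "File opened for reading /proc/self/maps Hgf.mips.elf",
    "File opened for reading /etc/resolv.conf Hgf.mips.elf",
    "Changes the process name, possibly in an attempt to hide itself /var/Sofia 704 Hgf.mips.elf",
]

# Assumed row shapes: "File opened for <mode> <path> <process>" and
# "Changes the process name, ... <new name> <pid> <process>".
FILE_RE = re.compile(r"^File opened for (reading|modification) (\S+) (\S+)$")
RENAME_RE = re.compile(r"^Changes the process name.*? (\S+) (\d+) (\S+)$")
PROC_CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")

# Assumed watchdog device nodes; the report shows the first and the last.
WATCHDOG_PATHS = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}


def parse_ioc(line):
    """Parse one IoC row into a dict, or return None for an unrecognised row."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return {"kind": "open_" + m.group(1), "ioc": m.group(2), "process": m.group(3)}
    m = RENAME_RE.match(line)
    if m:
        return {"kind": "rename", "ioc": m.group(1), "pid": int(m.group(2)),
                "process": m.group(3)}
    return None


def parse_rows(lines):
    """Parse every recognised row and drop the rest."""
    return [p for p in (parse_ioc(l) for l in lines) if p is not None]


def watchdog_tampering(iocs):
    """Watchdog device nodes opened for modification (write or ioctl access)."""
    return sorted({i["ioc"] for i in iocs
                   if i["kind"] == "open_modification" and i["ioc"] in WATCHDOG_PATHS})


def enumerated_pids(iocs):
    """Distinct numeric pids whose /proc/<pid>/cmdline was read; /proc/self is skipped."""
    pids = set()
    for i in iocs:
        if i["kind"] != "open_reading":
            continue
        m = PROC_CMDLINE_RE.match(i["ioc"])
        if m:
            pids.add(int(m.group(1)))
    return sorted(pids)


def process_renames(iocs):
    """(pid, new name) pairs, one per process-name change row."""
    return [(i["pid"], i["ioc"]) for i in iocs if i["kind"] == "rename"]


def score(lines, enum_threshold=20):
    """Return the findings an analyst would pull out of the rows.

    enum_threshold is an assumed cut-off for how many foreign pids a process
    may inspect before it counts as a process sweep.  The report's table
    covers 62 distinct pids; the sample rows here cover far fewer.
    """
    iocs = parse_rows(lines)
    findings = {}
    wd = watchdog_tampering(iocs)
    if wd:
        findings["watchdog_tampering"] = wd
    pids = enumerated_pids(iocs)
    if len(pids) >= enum_threshold:
        findings["process_enumeration"] = len(pids)
    renames = process_renames(iocs)
    if renames:
        findings["process_rename"] = renames
    return findings


if __name__ == "__main__":
    # Threshold lowered because the sample carries only a subset of the reads.
    print(json.dumps(score(SAMPLE_IOCS, enum_threshold=5), indent=2))
```

On an embedded Linux device a non-system process opening /dev/watchdog for writing is close to a binary indicator: almost nothing besides the vendor's own daemon touches that node, and once the bot owns it the hardware watchdog can be disabled or fed by the bot itself, so a hang no longer produces the reboot that would clear a memory-resident infection. The sweep of cmdline across nearly every pid is the pattern of a bot looking for competing processes before killing them, and the rename to /var/Sofia (a name associated with the main application on many XiongMai-based DVRs) is meant to blend in on the hardware class Mirai targets. The scorer treats the three as independent signals, so a variant that drops one is still caught by the others.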