Analysis
-
max time kernel
149s -
max time network
150s -
platform
debian-9_armhf -
resource
debian9-armhf-20240418-en -
resource tags
-
submitted
07/03/2025, 05:18
General
-
Target
97322a6ff08acd8f891873bff362bb9b5825e8b67781a5f39095be11adf9432b.elf
-
Size
62KB
-
MD5
159048424443d3cb27457baf3b8d9f70
-
SHA1
24e4fb942c3e4adfd13cf0903b825f6ca939a461
-
SHA256
97322a6ff08acd8f891873bff362bb9b5825e8b67781a5f39095be11adf9432b
-
SHA512
cae9e1ea0f703739a38694e2467c1ad165f6ce31745db94eba9218b0c69a75d21e981418093c696164442c52992aac6171bf95de0173304f72bd6547e97da69e
-
SSDEEP
1536:fQ/ipBWTCfV9N49ZjetCi643L+TUi6iBRp+Oc:IKpsTiW9EtCi9LAPTd+1
Malware Config
Extracted
mirai
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (23906) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/97322a6ff08acd8f891873bff362bb9b5825e8b67781a5f39095be11adf9432b.elf/tmp/97322a6ff08acd8f891873bff362bb9b5825e8b67781a5f39095be11adf9432b.elf1⤵
- Modifies Watchdog functionality
- Reads runtime system information