mirai | 90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2

Analysis

max time kernel
148s
max time network
151s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
08/03/2025, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
Size

43KB
MD5

37e3f1e3faf28800d5d6e75a7ab8c39a
SHA1

c3e2b8841298415d70333c2ef1351c5b27afc45e
SHA256

90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2
SHA512

ab1397c7bd0ebe4ee76e16177adbc3ce5b2437b7f4ff68911cf1d07b7f11cb7556ab5dffe51e761169ec91df767d766360b376051afdfc7a46c8fd25850d6164
SSDEEP

768:E1jRTSWuPUdOfcVy3t9g44uuyBDmzii5HaPSkIx9RIXvtTPsAb3bqOWS:E1dTSlYvVMt9gtuSNaKBx9RYdbrN

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for modification	/dev/misc/watchdog	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for modification	/bin/watchdog	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/17/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/341/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/425/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/1/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/10/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/22/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/72/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/151/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/3/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/12/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/18/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/73/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/386/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/6/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/14/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/77/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/338/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/390/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/678/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/9/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/68/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/19/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/21/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/234/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/704/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/4/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/24/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/146/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/169/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/710/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/707/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/70/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/339/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/716/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/337/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/5/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/15/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/79/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/118/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/119/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/250/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/335/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/2/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/110/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/685/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/709/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/8/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/11/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/36/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/384/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/683/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/16/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/20/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/69/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/81/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/705/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/71/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/76/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/681/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/711/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/712/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/713/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/7/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
File opened for reading	/proc/13/status	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf

/tmp/90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
/tmp/90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads