mirai | 0f9d4a82ab240e6cded16a268216b5b304d080bf3f112ffc3c0ad58dbe98e1df | Triage

Analysis

max time kernel
0s
max time network
37s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
09/03/2025, 15:11

Sharing

Report Analysis Logs

General

Target

x.elf
Size

32KB
MD5

25b7324c2e3772ed835fdbaab0c29c20
SHA1

12b746c4c7881a554f31fe82338ea599119ef9d5
SHA256

0f9d4a82ab240e6cded16a268216b5b304d080bf3f112ffc3c0ad58dbe98e1df
SHA512

33f3cf79659901c28dbc23ee851201b4937b75ccc6db36f1df7ccab87eb0d688fa70e9c767ff5921538fb2bf6612a2661211268f2178229c2bc8bfbe68aa5a0e
SSDEEP

768:jFuoOORB8LtrjFJ7kHh6RrdC7xYlrcnxaO+uDb929D+JgGlzDpUYsG:jFyOSjFc6tdC+roxyuDBTVqYV

Score

10^/10

mirai apep botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

APEP

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	x\|~ph`g}{}\|h	692	x.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	x.elf

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/=vwd=esfqzv}u	x.elf
File opened for modification	/tmp/=vwd={aq=esfqzv}u	x.elf
File opened for modification	/tmp/=vwd=TFEVF#"#Mesfqzv}u	x.elf
File opened for modification	/tmp/=vwd=TFEVF#"#N2esfqzv}u	x.elf

/tmp/x.elf
/tmp/x.elf
1⤵
- Changes its process name
- Reads runtime system information
- Writes file to tmp directory
PID:692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads