Analysis
max time kernel: 123s
max time network: 147s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted: 23/03/2025, 21:34
Behavioral task: behavioral1
Sample: pmips.elf
Resource: debian9-mipsbe-20240611-en
7 signatures
150 seconds
General
Target: pmips.elf
Size: 48KB
MD5: 50b99e65e56d9aa3d0d24aac7d2cf9d9
SHA1: 2d0a69cab04c3db5fbe0c4ace2a3085f9354ebe8
SHA256: d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd
SHA512: 3964f7cd4d724f1a16a81443ff2085b269762a5d505e4475fb467c6f5ac2e803b07bb76e53532837608cd435b5508ca828546a16a7337287ecdeaa5a2c91af48
SSDEEP: 1536:YW8syYKPBnbabtiIajMKbalcUVJuUm5sK2:YpDVbYorMh9VQUm5f2
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: MIRAI
Signatures

Mirai family

Deletes itself (1 IoCs)
pid: 708, Process: pmips.elf

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
File opened for modification: /dev/watchdog (Process: pmips.elf)
File opened for modification: /dev/misc/watchdog (Process: pmips.elf)

Changes its process name (1 IoCs)
Changes the process name, possibly in an attempt to hide itself: l3an7odgff82 (pid: 708, Process: pmips.elf)
System Network Configuration Discovery (1 TTPs, 1 IoCs)
Adversaries may gather information about the network configuration of a system.
pid: 708, Process: pmips.elf