mirai | d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd

Analysis

max time kernel
123s
max time network
150s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
24/03/2025, 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
Size

48KB
MD5

50b99e65e56d9aa3d0d24aac7d2cf9d9
SHA1

2d0a69cab04c3db5fbe0c4ace2a3085f9354ebe8
SHA256

d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd
SHA512

3964f7cd4d724f1a16a81443ff2085b269762a5d505e4475fb467c6f5ac2e803b07bb76e53532837608cd435b5508ca828546a16a7337287ecdeaa5a2c91af48
SSDEEP

1536:YW8syYKPBnbabtiIajMKbalcUVJuUm5sK2:YpDVbYorMh9VQUm5f2

Score

10^/10

mirai mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Deletes itself 1 IoCs

pid	Process
713	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for modification	/dev/misc/watchdog	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	pekjra76i6rkhsbs	713	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/753cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/10cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/82cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/345cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/730cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/731cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/735cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/739cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/766cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/772cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/37cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/13cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/809cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/385cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/722cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/775cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/788cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/793cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/24cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/799cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/808cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/805cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/9cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/118cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/708cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/719cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/737cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/745cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/11cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/714cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/743cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/780cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/797cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/802cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/7cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/723cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/767cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/778cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/21cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/71cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/110cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/250cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/738cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/771cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/791cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/800cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/675cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/726cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/746cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/748cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/760cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/119cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/339cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/777cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/796cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/811cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/14cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/711cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/765cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/818cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/679cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/744cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/757cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
File opened for reading	/proc/782cmdline	d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf

/tmp/d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
/tmp/d87823ee98db0ae6bff52751d9b52a0aa4edbd811e667a7ae618b4bce98b93cd.elf
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information
PID:713

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...