mirai | fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe

Analysis

max time kernel
123s
max time network
146s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
24/03/2025, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
Size

49KB
MD5

c6e97e7019d1deb2815994f5c7241c09
SHA1

a5e74b0b0884efbdae0c27433db1bf7e702a9ea1
SHA256

fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe
SHA512

564164156fac1b435afd0728eb10ba6e61a114773492f1f3202b613adf554904850f1269ceeb47fb59deb0e175c4de1281c79abb24e6f74b6b8afc98a7a284f8
SSDEEP

768:nbbIVTCpNpqW10FtrDS+tZb9ddQm8MSbhYhFkQkVmKTlFHcmW5DQYgmJaD9UkV:nbcCfpqY0FtKm8h4uVmAlFHagyaqS

Score

10^/10

mirai mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Deletes itself 1 IoCs

pid	Process
711	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for modification	/dev/misc/watchdog	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	8tk0h0ni43tm6klkor2likmk	711	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/756cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/781cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/14cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/762cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/783cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/790cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/804cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/9cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/76cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/124cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/381cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/635cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/386cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/422cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/737cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/749cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/81cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/84cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/675cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/733cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/753cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/787cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/725cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/728cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/743cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/788cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/78cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/82cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/773cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/800cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/805cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/6cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/237cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/726cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/730cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/736cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/769cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/806cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/16cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/37cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/77cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/718cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/20cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/74cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/722cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/786cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/811cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/1cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/23cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/154cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/708cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/716cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/721cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/751cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/772cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/748cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/768cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/777cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/792cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/801cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/809cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/754cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/19cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/22cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

/tmp/fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
/tmp/fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information
PID:711

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...