mirai | fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe

Analysis

max time kernel
150s
max time network
150s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
24/03/2025, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
Size

49KB
MD5

c6e97e7019d1deb2815994f5c7241c09
SHA1

a5e74b0b0884efbdae0c27433db1bf7e702a9ea1
SHA256

fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe
SHA512

564164156fac1b435afd0728eb10ba6e61a114773492f1f3202b613adf554904850f1269ceeb47fb59deb0e175c4de1281c79abb24e6f74b6b8afc98a7a284f8
SSDEEP

768:nbbIVTCpNpqW10FtrDS+tZb9ddQm8MSbhYhFkQkVmKTlFHcmW5DQYgmJaD9UkV:nbcCfpqY0FtKm8h4uVmAlFHagyaqS

Score

10^/10

mirai mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Deletes itself 1 IoCs

pid	Process
703	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for modification	/dev/misc/watchdog	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	rwbjkg27wugudn54ffm5	703	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/744cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/797cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/798cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/801cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/3cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/710cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/740cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/788cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/118cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/119cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/694cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/807cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/78cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/745cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/765cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/785cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/786cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/792cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/1cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/674cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/708cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/735cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/769cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/778cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/6cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/17cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/110cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/779cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/82cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/226cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/320cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/760cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/763cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/768cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/775cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/784cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/374cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/746cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/767cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/771cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/431cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/737cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/774cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/805cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/751cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/68cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/673cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/723cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/741cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/772cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/794cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/718cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/757cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/761cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/9cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/21cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/312cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/317cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/372cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/379cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/734cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/4cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/7cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
File opened for reading	/proc/18cmdline	fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf

/tmp/fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
/tmp/fd69c599111ca3d7dbe937c74df58b1933d69fea6f47636d485bf5321135b6fe.elf
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Changes its process name
- Reads runtime system information
PID:703

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...