Analysis

max time kernel: 149s
max time network: 151s
platform: debian-9_mips
resource: debian9-mipsbe-20240418-en
resource tags: arch:mips, image:debian9-mipsbe-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 14/04/2025, 19:44

Behavioral task: behavioral1
Sample: pmips.elf
Resource: debian9-mipsbe-20240418-en
7 signatures, 150 seconds
General

Target: pmips.elf
Size: 35KB
MD5: 8edab3f54e0d07d07f4a2c78b58f6aee
SHA1: a9d4104ead918423519e7dcf6971ee32ffc42569
SHA256: 61148d244ab002d5fc0382b84c40ddb0c6801e3feefe5bd68d22fff0bcb39dcf
SHA512: 95eb842d297d80f2e116e650e4a62c45c5aa7c0863bdf43401d2bc8915bdfac06d97b16ee2d3c11c3219fd8187bb66195c5eb24f39cd44ad1a3a42d5961a1e30
SSDEEP: 768:ylWqYyhCL7njgXf9ZWlFbNKlgwYS2PEVbqehfJgGlzDpbuR1JQIK:Jq+Ljj6ZtYS2sVueLVJueIK
Score: 10/10
Malware Config (extracted)

Family: mirai
Botnet: MIRAI
Signatures

Mirai family

Deletes itself (1 IoC)
pid 710, process pmips.elf

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai opens and reconfigures the watchdog device so that the hardware watchdog cannot restart an infected system.
File opened for modification: /dev/watchdog (pmips.elf)
File opened for modification: /dev/misc/watchdog (pmips.elf)

Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself: 7k74gwhrj0q0teagpwdnle5h7vhw4meu (pid 710, pmips.elf)

Reads the command line of other processes (signature name not preserved on this page; 64 IoCs)
File opened for reading by pmips.elf: /proc/<pid>/cmdline for pids 16, 122, 771, 799, 805, 688, 740, 757, 765, 770, 785, 791, 808, 21, 72, 148, 705, 739, 767, 797, 14, 320, 731, 749, 756, 775, 786, 157, 7, 74, 78, 722, 748, 769, 793, 6, 75, 734, 801, 173, 753, 788, 816, 723, 759, 762, 774, 811, 19, 36, 18, 77, 737, 742, 758, 763, 427, 751, 781, 795, 817, 10, 73, 82

System Network Configuration Discovery (1 TTP, 1 IoC)
Adversaries may gather information about the network configuration of a system.
pid 710, process pmips.elf
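The three behaviours the report flags (watchdog tampering, a randomised process name, and a sweep over /proc/<pid>/cmdline, which is how Mirai-family bots find and kill competing processes) can be turned into a small triage rule set that runs over the report's own IoC rows. The script below is an added example, not part of the sandbox report or of any Mirai code: the rows are copied from the report above (a subset of the 64 /proc reads, with the /proc/<pid>/cmdline paths written with their slashes restored), while the verdict names, the watchdog device list, the entropy threshold and the "5 distinct pids" cut-off are this example's own assumptions.

```python
"""Turn sandbox IoC rows for a Mirai-like ELF into behaviour verdicts.

Added example; the rows are copied from the report above, everything else
(verdict names, thresholds, device list) is an assumption of this script.
"""
import math
import re
from collections import Counter

# Constructed from the report's IoC rows (description, ioc, process).
# Only a few of the 64 /proc/<pid>/cmdline reads are reproduced here.
IOC_ROWS = [
    ("File opened for modification", "/dev/watchdog", "pmips.elf"),
    ("File opened for modification", "/dev/misc/watchdog", "pmips.elf"),
    ("Changes the process name", "7k74gwhrj0q0teagpwdnle5h7vhw4meu", "pmips.elf"),
    ("File opened for reading", "/proc/16/cmdline", "pmips.elf"),
    ("File opened for reading", "/proc/122/cmdline", "pmips.elf"),
    ("File opened for reading", "/proc/771/cmdline", "pmips.elf"),
    ("File opened for reading", "/proc/799/cmdline", "pmips.elf"),
    ("File opened for reading", "/proc/805/cmdline", "pmips.elf"),
]

# Assumption: device nodes a bot would open to disable the hardware watchdog.
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}
PROC_CMDLINE = re.compile(r"^/proc/(\d+)/cmdline$")
# Assumption: reading this many distinct pids' cmdline counts as enumeration.
PROC_SCAN_THRESHOLD = 5


def shannon_entropy(s):
    """Bits per character of the string (0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_random_name(name, min_len=12, min_entropy=3.5):
    """Heuristic for Mirai-style prctl(PR_SET_NAME) values: long, only
    [a-z0-9], and high entropy. Real daemons (sshd, kworker/0:1) fail it."""
    return (
        len(name) >= min_len
        and re.fullmatch(r"[a-z0-9]+", name) is not None
        and shannon_entropy(name) >= min_entropy
    )


def analyze(rows):
    """Map IoC rows to verdicts: watchdog_tamper, random_process_name,
    process_enumeration. Returns a dict of verdict -> supporting evidence."""
    verdicts = {}
    pids_read = set()
    for desc, ioc, _proc in rows:
        if desc == "File opened for modification" and ioc in WATCHDOG_DEVICES:
            verdicts.setdefault("watchdog_tamper", []).append(ioc)
        elif desc == "Changes the process name" and looks_random_name(ioc):
            verdicts.setdefault("random_process_name", []).append(ioc)
        elif desc == "File opened for reading":
            m = PROC_CMDLINE.match(ioc)
            if m:
                pids_read.add(int(m.group(1)))
    if len(pids_read) >= PROC_SCAN_THRESHOLD:
        verdicts["process_enumeration"] = sorted(pids_read)
    return verdicts


if __name__ == "__main__":
    for verdict, evidence in analyze(IOC_ROWS).items():
        print(f"{verdict}: {evidence}")
```

The watchdog check keys on the open-for-write alone, because on a sandbox trace the later ioctl that actually disables the timer is usually not recorded; a single process opening /dev/watchdog for writing on an embedded device is already unusual enough to alert on. The cmdline sweep is scored on distinct pids rather than on the raw row count so that a process re-reading its own entry does not trip it.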