mirai | b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98 | Triage

Submit
Reports

Overview

overview

Static

static

b2dfce90a8...b06b98

linux_armhf

9

Sharing

General

Target

b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98
Size

141KB
Sample

220521-xq9reaffdl
MD5

319890498d82b72cd35dd91989e5d24b
SHA1

d72d8ea187e53d3a478a21392d4126044d95e45d
SHA256

b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98
SHA512

98f401339f2fe459b2fcb9fdd4dbd92998b726cf686a8f40d539c96f917dfe3c9d1860ec23050796deed94af39d55d11bd3e428a217fc88a65b05e6be9dd584d

Score

10^/10

mirai discovery linux

Static task

static1

Behavioral task

behavioral1

Sample

b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98

Resource

debian9-armhf-en-20211208

linux_armhf

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98
- Size
  
  141KB
- MD5
  
  319890498d82b72cd35dd91989e5d24b
- SHA1
  
  d72d8ea187e53d3a478a21392d4126044d95e45d
- SHA256
  
  b2dfce90a8bc90275ffeaad5f01eb9940d492386d9fff13846058d9b94b06b98
- SHA512
  
  98f401339f2fe459b2fcb9fdd4dbd92998b726cf686a8f40d539c96f917dfe3c9d1860ec23050796deed94af39d55d11bd3e428a217fc88a65b05e6be9dd584d
Score

9^/10

discovery
- Contacts a large (18867) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Write file to user bin folder
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy