mirai | 92c1fe3a7c266fe0a4b8a3eea1aeb6c343b10a467e06377d5c9c24a5986cfda9 | Triage

Submit
Reports

Overview

overview

Static

static

92c1fe3a7c...6cfda9

linux_armhf

9

Sharing

General

Target

92c1fe3a7c266fe0a4b8a3eea1aeb6c343b10a467e06377d5c9c24a5986cfda9
Size

148KB
Sample

220521-xracyacdd8
MD5

5cbaa4e8a16bbd87501d217c4efe68bb
SHA1

949f137000821f2f051193ad7e06b71e0e249b55
SHA256

92c1fe3a7c266fe0a4b8a3eea1aeb6c343b10a467e06377d5c9c24a5986cfda9
SHA512

aeb87b71b21eca23320c8d6caf6841adc620c14a72434eaef630004fa19997a8e17797a66b58c7f28605aeb836339aed6dddbd166eb0cd84effa5529a8fc2bf5

Score

10^/10

mirai discovery linux

Static task

static1

Behavioral task

behavioral1

Sample

92c1fe3a7c266fe0a4b8a3eea1aeb6c343b10a467e06377d5c9c24a5986cfda9

Resource

debian9-armhf-en-20211208

linux_armhf

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  92c1fe3a7c266fe0a4b8a3eea1aeb6c343b10a467e06377d5c9c24a5986cfda9
- Size
  
  148KB
- MD5
  
  5cbaa4e8a16bbd87501d217c4efe68bb
- SHA1
  
  949f137000821f2f051193ad7e06b71e0e249b55
- SHA256
  
  92c1fe3a7c266fe0a4b8a3eea1aeb6c343b10a467e06377d5c9c24a5986cfda9
- SHA512
  
  aeb87b71b21eca23320c8d6caf6841adc620c14a72434eaef630004fa19997a8e17797a66b58c7f28605aeb836339aed6dddbd166eb0cd84effa5529a8fc2bf5
Score

9^/10

discovery
- Contacts a large (18980) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Write file to user bin folder
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy