General

  • Target

    518668d64e5e5ec824bb002f8860c4142f0cacdb8e72a9f76b73ae30f1474007

  • Size

    582KB

  • Sample

    220718-r2jrgaegh2

  • MD5

    209ba67384a7ac63e20111bc58423ba1

  • SHA1

    e99dff8c2a30b496d57d7898f2e43e9f204a7d5e

  • SHA256

    518668d64e5e5ec824bb002f8860c4142f0cacdb8e72a9f76b73ae30f1474007

  • SHA512

    f0e07aef6541bbb0333a81deec0c55731c4eb7eb2a66fa60a46b7e96643040e8fa9194216a35c68a869e6080e9b3d9a36b0230e443f0f889b416273578e27073

Targets

    • Target

      89.42.133.67/armv4l

    • Size

      126KB

    • MD5

      66af5d6ccd77043f6d878fc398195f47

    • SHA1

      6572b21695d321007908edf509370211587844e9

    • SHA256

      6582b01340f39194a20619a90645098ce126aecdfe352483b29dc0a395e92557

    • SHA512

      80490c777743737cd4a0a2502d944e0d0b5cf2377b71a32ee884fd06f178f5631d3c378300dc8d83a4f6f47616ecf6fc48b298d5238e1ddb3ceaed49513f21e9

    Score
    1/10
    • Target

      89.42.133.67/armv5l

    • Size

      122KB

    • MD5

      79f3486597d9438c71bb7a9386279509

    • SHA1

      7aa3df07b79012fc6cd68f3152c80f49443be679

    • SHA256

      90e8b1b29b5855e845710085ed9eb7925112b463032ffa2ab4d0949afdd45151

    • SHA512

      2ab7f58004483f41cea84e01f56f1a7383930a7e20b4c97f514f63b5f5bef82404d307e80491c11096f1afdb551cb3b811b9bc10d2dbe41549181807102a291d

    Score
    1/10
    • Target

      89.42.133.67/armv6l

    • Size

      139KB

    • MD5

      905ca647e9864f219d0bd0ff93cf428c

    • SHA1

      25ac8bb5e88522700d63f81013123c0d4ff98620

    • SHA256

      46273459b8fecd36e03f8769e71c5a54e4d417b878ed88a997e322d107efc1c1

    • SHA512

      3ced13506bd84ea916a9eed641574fce5aea9561168680579f5c2cebdc621ba03b2325400ac32eb960f25d6d42b1dbb9b2267d0ecfafbef505e78dbeec5df633

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.

    • Target

      89.42.133.67/i586

    • Size

      97KB

    • MD5

      588aeead24b54ff4fb1595bf416c8fd4

    • SHA1

      ec1b47c9db3ecef3e946a520de386844f2fb982b

    • SHA256

      0cbc86f2f89255bd2a50e73c7e94138286e0aca7a173307827bab01811a07a99

    • SHA512

      77de312a8a0a3d999da224668e12fc477e0fe6035a07282b4862b595ffdb464f3409f97b22c69825a2a435698634acdbd611905faebb721a1804339224691aa5

    Score
    1/10
    • Target

      89.42.133.67/i686

    • Size

      101KB

    • MD5

      84e1700d4f0697812feb2cd7bd13fc7d

    • SHA1

      10acb0b6c0805191b84da52c006aa98287cfac1b

    • SHA256

      ba287d6861701270c1d3c5ab6df6f70247efb7281cbd96f2706f202ec86d9c0c

    • SHA512

      775812e4cea229cf5e1f4ca0ecebe6edabae19d6f4495cc718b9d0e00175fba72008f7464eb1129de75bf86f91cf0fa9c7087589059ceac03c5920af6f5714e3

    Score
    1/10
    • Target

      89.42.133.67/m68k

    • Size

      115KB

    • MD5

      3117d63fd6597f7d184d39d08d5024e9

    • SHA1

      849ca4a6886f20a4a114d0eb5d08b3b328f300b5

    • SHA256

      28e7b4f7db7df8423fb9fa4c2de6c96e371fced51e9c548f005e21c4bc3f46b6

    • SHA512

      31a4b16762bcb894ae0f412417cad04491d01aedb9b3627d8fd2e4027241e3db2ead1c0cf1b23f0f8c28b5677c393ab426df71fcfd49fae508fc867f2dfd51c0

    Score
    1/10
    • Target

      89.42.133.67/mips

    • Size

      151KB

    • MD5

      0c842eed0ddb8e115955c6bae24b5624

    • SHA1

      396940a28525aab9b3221af0e32a899e5b6acfe5

    • SHA256

      1eaeee119c1d91059c1f9fb5e945592fb021615ac6f57edce3c5becb20488f9e

    • SHA512

      b26e191e4947767456ec5b06fec156b763f6df65a91de5db894e8e96cebc1cc63637cf0865888a792bad994ece0df9b80efb313cc22e564ec58ab8a394ec4d37

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.

    • Target

      89.42.133.67/mipsel

    • Size

      151KB

    • MD5

      2689f992a141db2fad3bc8f88e204fbb

    • SHA1

      d7f7270e5a4a127d1324d3ca7cd5f7178d782019

    • SHA256

      70fa90a54ca86ef493f526cbc4f26c03844b875f4519d14f6e70fe3c01320eb4

    • SHA512

      12d7c08058e01bfa811511a959c49220f87a29e040835cc59a9d8d1ee9e299073c5758c4101439077b85098ba5970da08550ffb81c34460277bb381db99f4469

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.

    • Target

      89.42.133.67/powerpc

    • Size

      114KB

    • MD5

      1924fd5e701008571b175915288f2d99

    • SHA1

      e353027379a839b2a0d47574bdfff6be3b56c2be

    • SHA256

      591f9c049a756bee70a335f62adb2dbd0c6417f4b193871f97cc79f803f6d77d

    • SHA512

      36324a4d53e3cab11fe07c95b6c825965388127178635ff93a26c0a60488deb2fc12f2b8a84272c84ed6a027edeabbea9b80fd1ebced3f7d904311b8095eb3f1

    Score
    1/10
    • Target

      89.42.133.67/sh4

    • Size

      109KB

    • MD5

      91e54354a99d25dd7e6a665fc974f235

    • SHA1

      28114a83cda691419a81bd86e3de150d7f52177c

    • SHA256

      fcb18e43808c319f261e9e827d79d0527fd7f59e013d2f59d25026e8637752fb

    • SHA512

      6bed76407868308504b67703194870899a070f826da1ab74c6d53e9191823b4ccfd2d9cc249ebbdfd04459584cb10013a15283b91d6d91bf078e37dee2a85866

    Score
    1/10
    • Target

      89.42.133.67/sparc

    • Size

      126KB

    • MD5

      dd30d039d3457fc5b12252e582ec24da

    • SHA1

      4295115e8e2f331655ae8fb8d89804775a9a5cdf

    • SHA256

      4155d93de9834e51271ea7c37cd6ca17adf92cf75b3b2a90b506d104995af2cc

    • SHA512

      b68148467394aee2ac25df3aba24f3094f58eb78b1bc0a149de36e063d121868965fbaf59ef62a33b9ab350857b0e0b748debe830cc440e9b7b1986daf604b2d

    Score
    1/10
    • Target

      89.42.133.67/x86

    • Size

      113KB

    • MD5

      cf0a594291b385474e07912f9fd4b583

    • SHA1

      1e7379cde7eee43e873e4102b95b6a53b7b270f1

    • SHA256

      f990b88a05bd94fd9aca6b6e048c83efa35163615978760c71e1bcb16ed4a849

    • SHA512

      a3bfb7962d70f0910be03de6117c4b8ab22ad088b1ef0a0a693abaa330f78eb8b0b777b9e196689bc85ef571956f41009f5f71541adc8c964e8d5658b7d2efdc

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.