mirai | 5d67ed8dc66c000ce4fa73b11c9f13a66fd9633077850d94110261c52b1927ed | Triage

Submit
Reports

Overview

overview

Static

static

notabotnet.arm7

debian-9-armhf

9

Sharing

General

Target

notabotnet.arm7
Size

151KB
Sample

220806-fqwfcaddc3
MD5

26bc343787a39764319500a7d401f49e
SHA1

5fbd7f801b46b937061f5dac05045ad77b9c69e0
SHA256

5d67ed8dc66c000ce4fa73b11c9f13a66fd9633077850d94110261c52b1927ed
SHA512

0bb956da3f7aaf6e40c113f5a3e53ddd72b654c425d9994d67f8ea9ba04f019df9e8f9aa0af3310222865dea44ebf417d1f5aa5006c7a01c73d127c32369c92a

Score

10^/10

mirai discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

notabotnet.arm7

Resource

debian9-armhf-en-20211208

debian-9-armhf

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  notabotnet.arm7
- Size
  
  151KB
- MD5
  
  26bc343787a39764319500a7d401f49e
- SHA1
  
  5fbd7f801b46b937061f5dac05045ad77b9c69e0
- SHA256
  
  5d67ed8dc66c000ce4fa73b11c9f13a66fd9633077850d94110261c52b1927ed
- SHA512
  
  0bb956da3f7aaf6e40c113f5a3e53ddd72b654c425d9994d67f8ea9ba04f019df9e8f9aa0af3310222865dea44ebf417d1f5aa5006c7a01c73d127c32369c92a
Score

9^/10

discovery
- Contacts a large (98027) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy