mirai | cf6a31deb14f809c91689a4600560c9cec53c907457d98b492f68ae3d5277192 | Triage

Sharing

General

Target

3bd1de59102fdae01bd44fc1b820441d.elf
Size

67KB
Sample

221015-we5smsfhd8
MD5

3bd1de59102fdae01bd44fc1b820441d
SHA1

29e6b5e85bf1f47b15b3105412f41fe078f8fd32
SHA256

cf6a31deb14f809c91689a4600560c9cec53c907457d98b492f68ae3d5277192
SHA512

abfc6d35ea2dff747c7a46cff024ae90dcedfa238debe717a27d59999020abff40aa28992a4d6d98999283f6eae9147449a6cf1ef87aae56100603f09fcec515
SSDEEP

1536:qm1lyOqdC1s7dYbpmnAn4bfjCdLbZAozIT:qalyOqdC1aYtmqLb

Score

10^/10

mirai botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

amkcnc.duckdns.org

amkscan.duckdns.org

Targets

- Target
  
  3bd1de59102fdae01bd44fc1b820441d.elf
- Size
  
  67KB
- MD5
  
  3bd1de59102fdae01bd44fc1b820441d
- SHA1
  
  29e6b5e85bf1f47b15b3105412f41fe078f8fd32
- SHA256
  
  cf6a31deb14f809c91689a4600560c9cec53c907457d98b492f68ae3d5277192
- SHA512
  
  abfc6d35ea2dff747c7a46cff024ae90dcedfa238debe717a27d59999020abff40aa28992a4d6d98999283f6eae9147449a6cf1ef87aae56100603f09fcec515
- SSDEEP
  
  1536:qm1lyOqdC1s7dYbpmnAn4bfjCdLbZAozIT:qalyOqdC1aYtmqLb
Score

9^/10

discovery
- Contacts a large (113102) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1