mirai | 01b5aa74d8b631830a2f5169aab66be0e495c3b3966bb9480f1f67a7093540d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26411e771d2cfd12cb1dd13bbb1e05a1.elf
Size

49KB
Sample

221026-nl6drafehr
MD5

26411e771d2cfd12cb1dd13bbb1e05a1
SHA1

115f523261eaa3647d033741c0f3601e3ef91723
SHA256

01b5aa74d8b631830a2f5169aab66be0e495c3b3966bb9480f1f67a7093540d4
SHA512

080919b428683bd6f61990feb32f31574b7700fa4c7715204da4f893ccea8418f3562de306cc746720c6a2032a2683e8b56f4bf54e3797709c3b7333b7c8ad16
SSDEEP

768:IO+u+B5jqq79ONJjh3glLs4UWnDZ3JosOJnCL5Lmr0AaW8Sc:IR5jqq79OLjh3glXU0H4C1SaW8Sc

Score

10^/10

mirai botnet discovery linux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

amkcnc.duckdns.org

amkscan.duckdns.org

Targets

- Target
  
  26411e771d2cfd12cb1dd13bbb1e05a1.elf
- Size
  
  49KB
- MD5
  
  26411e771d2cfd12cb1dd13bbb1e05a1
- SHA1
  
  115f523261eaa3647d033741c0f3601e3ef91723
- SHA256
  
  01b5aa74d8b631830a2f5169aab66be0e495c3b3966bb9480f1f67a7093540d4
- SHA512
  
  080919b428683bd6f61990feb32f31574b7700fa4c7715204da4f893ccea8418f3562de306cc746720c6a2032a2683e8b56f4bf54e3797709c3b7333b7c8ad16
- SSDEEP
  
  768:IO+u+B5jqq79ONJjh3glLs4UWnDZ3JosOJnCL5Lmr0AaW8Sc:IR5jqq79OLjh3glXU0H4C1SaW8Sc
Score

9^/10

discovery
- Contacts a large (110547) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1