mirai | f181dd7b61804fd6b9a084d50ef6d6a512835c3a73ffccf77de9400a7084f4a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

jklarm7.elf
Size

121KB
Sample

221127-3v5wxaha95
MD5

00715123653296ac9808fb80c7523a0b
SHA1

b39079f672adc38774a8d11d4f98d34e2fb0089a
SHA256

f181dd7b61804fd6b9a084d50ef6d6a512835c3a73ffccf77de9400a7084f4a0
SHA512

70d08604fed969df755d6e87be6ca146f215c7a6a457a874c4e5f3c0fbde7529a53ad1ed23bb11c31adb0826e24f03ce06a5ad11f69a39919b3cbc22be584ed6
SSDEEP

3072:ckhhXRpV11tSlbR44+iV/VVr4vfPjsM/9bnM:ThhXl1PkbR44+i5V+vfPIM/9zM

Score

10^/10

mirai botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  jklarm7.elf
- Size
  
  121KB
- MD5
  
  00715123653296ac9808fb80c7523a0b
- SHA1
  
  b39079f672adc38774a8d11d4f98d34e2fb0089a
- SHA256
  
  f181dd7b61804fd6b9a084d50ef6d6a512835c3a73ffccf77de9400a7084f4a0
- SHA512
  
  70d08604fed969df755d6e87be6ca146f215c7a6a457a874c4e5f3c0fbde7529a53ad1ed23bb11c31adb0826e24f03ce06a5ad11f69a39919b3cbc22be584ed6
- SSDEEP
  
  3072:ckhhXRpV11tSlbR44+iV/VVr4vfPjsM/9bnM:ThhXl1PkbR44+i5V+vfPIM/9zM
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1