mirai | dc4a312d3c3c9bf2c7c424e575fcd78fce97bf6e83745966c95df5c0a1b88fcd | Triage

Sharing

General

Target

4e66aa949525ec5b371a6daf76bc72fb.elf
Size

43KB
Sample

221219-ppg11aeh99
MD5

4e66aa949525ec5b371a6daf76bc72fb
SHA1

954a36e28af909e872f7147c5fca7ecd4072e020
SHA256

dc4a312d3c3c9bf2c7c424e575fcd78fce97bf6e83745966c95df5c0a1b88fcd
SHA512

9d42884b3c7daacd02aa3bc5600eef9dcc08e4cb5226fc83c336b95fd589cbc4eaff8de0b74681e05a4e0ca187210a2d0e338dc09795dfe9fda2ad41c7a06894
SSDEEP

768:3SEvqhMTZRg49jMxXnHkmoDhRCyQtFHaNesvKQLDNZHJN:XvqhMTZ24BioDhotFHMr3Lh

Score

10^/10

mirai condi linux

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

cnc.condinet.cf

report.condinet.cf

Targets

- Target
  
  4e66aa949525ec5b371a6daf76bc72fb.elf
- Size
  
  43KB
- MD5
  
  4e66aa949525ec5b371a6daf76bc72fb
- SHA1
  
  954a36e28af909e872f7147c5fca7ecd4072e020
- SHA256
  
  dc4a312d3c3c9bf2c7c424e575fcd78fce97bf6e83745966c95df5c0a1b88fcd
- SHA512
  
  9d42884b3c7daacd02aa3bc5600eef9dcc08e4cb5226fc83c336b95fd589cbc4eaff8de0b74681e05a4e0ca187210a2d0e338dc09795dfe9fda2ad41c7a06894
- SSDEEP
  
  768:3SEvqhMTZRg49jMxXnHkmoDhRCyQtFHaNesvKQLDNZHJN:XvqhMTZ24BioDhotFHMr3Lh
Score

7^/10
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1