mirai | 61151aa25ec8892705fde509e13f434e60ed73ce610feb8b270cecc9a1fc8e6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e3f2476ba36072502ad672bda9dc8f58.elf
Size

103KB
Sample

221219-rezjeafb77
MD5

e3f2476ba36072502ad672bda9dc8f58
SHA1

af8c8082a19bd49bc4c132525dbc73ca68c34948
SHA256

61151aa25ec8892705fde509e13f434e60ed73ce610feb8b270cecc9a1fc8e6f
SHA512

1c4b429b1b7a2212944521530d4ee7428a4b84c499fcb16be56d29d077c5c2ee4578e4e7a634275cae10fa99244c684f407cc739543ad505a085adc89c3fa67c
SSDEEP

1536:U+lW/jJX71xsIy8rv/IiGP7nsYnvTZm3UixqtKIT4VPGd:U+leJLTsIPrvDI7sYtDig7T4

Score

10^/10

mirai mirai linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

verywellccc.viewdns.net

Targets

- Target
  
  e3f2476ba36072502ad672bda9dc8f58.elf
- Size
  
  103KB
- MD5
  
  e3f2476ba36072502ad672bda9dc8f58
- SHA1
  
  af8c8082a19bd49bc4c132525dbc73ca68c34948
- SHA256
  
  61151aa25ec8892705fde509e13f434e60ed73ce610feb8b270cecc9a1fc8e6f
- SHA512
  
  1c4b429b1b7a2212944521530d4ee7428a4b84c499fcb16be56d29d077c5c2ee4578e4e7a634275cae10fa99244c684f407cc739543ad505a085adc89c3fa67c
- SSDEEP
  
  1536:U+lW/jJX71xsIy8rv/IiGP7nsYnvTZm3UixqtKIT4VPGd:U+leJLTsIPrvDI7sYtDig7T4
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1