mirai | 80f7a57c35a4cc5fd5edfef5f98b1bd47e4a45eca1dc66a8e469b8deac00d378 | Triage

Sharing

General

Target

da765df1f7cd6b4ff84ffc6eaaee755b.elf
Size

128KB
Sample

230103-s6gncabh33
MD5

da765df1f7cd6b4ff84ffc6eaaee755b
SHA1

d181424dce5edfab1d2671f38cf42c6d76bae41d
SHA256

80f7a57c35a4cc5fd5edfef5f98b1bd47e4a45eca1dc66a8e469b8deac00d378
SHA512

81d507af2778beef2ad406ece6eeb0f0819243e33270f3cedb71bca5b462a286d83b1f421f8e6eb03ae40694ceb086c2ad331c78f7e936efb33ee782e4d02ef8
SSDEEP

3072:kG6chUTG0OzRls5wYEbINrM5vfTwZM/9TOPXa:kGBh+GtzRls5N2IEvfTiM/9qa

Score

10^/10

mirai pedo

Malware Config

Extracted

Family

mirai

Botnet

PEDO

Targets

- Target
  
  da765df1f7cd6b4ff84ffc6eaaee755b.elf
- Size
  
  128KB
- MD5
  
  da765df1f7cd6b4ff84ffc6eaaee755b
- SHA1
  
  d181424dce5edfab1d2671f38cf42c6d76bae41d
- SHA256
  
  80f7a57c35a4cc5fd5edfef5f98b1bd47e4a45eca1dc66a8e469b8deac00d378
- SHA512
  
  81d507af2778beef2ad406ece6eeb0f0819243e33270f3cedb71bca5b462a286d83b1f421f8e6eb03ae40694ceb086c2ad331c78f7e936efb33ee782e4d02ef8
- SSDEEP
  
  3072:kG6chUTG0OzRls5wYEbINrM5vfTwZM/9TOPXa:kGBh+GtzRls5N2IEvfTiM/9qa
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1