mirai | 798c5b236a2c2ad1a00d9a4fdce13518fae9402b67b5a683b9123ec261340a05 | Triage

Sharing

General

Target

b2239b81a9968bb76bc5944c187e989f.elf
Size

125KB
Sample

230106-jn9fzaba5v
MD5

b2239b81a9968bb76bc5944c187e989f
SHA1

22dd3e7bbbf3702e49c62cc0038b1b458223d4d9
SHA256

798c5b236a2c2ad1a00d9a4fdce13518fae9402b67b5a683b9123ec261340a05
SHA512

26d6489968b603ad5910c04a0d231082b8de95140db24068eb866971b528c9b9cdae683a7f9261daaaa60be015a9cac4df0f85f4eee723695439942727d50861
SSDEEP

3072:jiG4jOVlNdJVqDusN+7S4p9KUgrUEjcNyWNkyKwO49ld3Fb1liWtIF:jUjOVlNd3qDdN+OI9KUgrUG0Fb1liWtI

Score

10^/10

mirai unstable discovery

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

xin.badplayer.net

Targets

- Target
  
  b2239b81a9968bb76bc5944c187e989f.elf
- Size
  
  125KB
- MD5
  
  b2239b81a9968bb76bc5944c187e989f
- SHA1
  
  22dd3e7bbbf3702e49c62cc0038b1b458223d4d9
- SHA256
  
  798c5b236a2c2ad1a00d9a4fdce13518fae9402b67b5a683b9123ec261340a05
- SHA512
  
  26d6489968b603ad5910c04a0d231082b8de95140db24068eb866971b528c9b9cdae683a7f9261daaaa60be015a9cac4df0f85f4eee723695439942727d50861
- SSDEEP
  
  3072:jiG4jOVlNdJVqDusN+7S4p9KUgrUEjcNyWNkyKwO49ld3Fb1liWtIF:jUjOVlNd3qDdN+OI9KUgrUG0Fb1liWtI
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1