mirai | 713bec3646241416ee7c148b76e32858ca1b7e9ceb0a79d14f6d2cbce03ff2ca | Triage

Sharing

General

Target

fe20a9bfdf47e9279eb46ec4d56bdb92.elf
Size

61KB
Sample

230216-x1wmjaba4t
MD5

fe20a9bfdf47e9279eb46ec4d56bdb92
SHA1

267b65c88f2505572f0d8f42aaa23a98bb2cfb5c
SHA256

713bec3646241416ee7c148b76e32858ca1b7e9ceb0a79d14f6d2cbce03ff2ca
SHA512

141f04b8fee1880cb747b40ccefcad9b4724b16ccd420e9f1a99a7a6e20101ce998822089dfff71ee14d238ace4688d79e36a1f1ef4f8d42fb1fcbe2b81917d7
SSDEEP

1536:dpmbSQ6U3q7cCBT/lZsK/0DiQTLiKimfFoktCe3fYRM5:WShU3q7cEDlCK/0Dr9i8Fok06fYRq

Score

10^/10

mirai discovery linux

Malware Config

Extracted

Family

mirai

C2

j.xnyidc.top

Targets

- Target
  
  fe20a9bfdf47e9279eb46ec4d56bdb92.elf
- Size
  
  61KB
- MD5
  
  fe20a9bfdf47e9279eb46ec4d56bdb92
- SHA1
  
  267b65c88f2505572f0d8f42aaa23a98bb2cfb5c
- SHA256
  
  713bec3646241416ee7c148b76e32858ca1b7e9ceb0a79d14f6d2cbce03ff2ca
- SHA512
  
  141f04b8fee1880cb747b40ccefcad9b4724b16ccd420e9f1a99a7a6e20101ce998822089dfff71ee14d238ace4688d79e36a1f1ef4f8d42fb1fcbe2b81917d7
- SSDEEP
  
  1536:dpmbSQ6U3q7cCBT/lZsK/0DiQTLiKimfFoktCe3fYRM5:WShU3q7cEDlCK/0Dr9i8Fok06fYRq
Score

9^/10

discovery
- Contacts a large (37370) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1