mirai | 5febef67530bca92f2a85b3f12e87f6a48d25b80cc0b17ce1e5f6965dd0df3a4 | Triage

Sharing

General

Target

botx.arm7.elf
Size

128KB
Sample

230226-p3gmdsgg4x
MD5

3b62552da0812fbf2c14f737319f8104
SHA1

f0b5249c7f596eaf67828676a028c023356a6250
SHA256

5febef67530bca92f2a85b3f12e87f6a48d25b80cc0b17ce1e5f6965dd0df3a4
SHA512

431de02e3ae37907a59835ce034a016e0c6c03cf9d749d464a37ba53db3bf139c07afc93f6ea6f98efd386ab3ee7940f46843e12f45d424ebf5f655b83399ab4
SSDEEP

3072:FMHPp2YD4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2tjxCSHfFBzK+XS98M/9OmywPo1

Score

10^/10

mirai condi discovery

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

cnc.condinet.cf

report.condinet.cf

Targets

- Target
  
  botx.arm7.elf
- Size
  
  128KB
- MD5
  
  3b62552da0812fbf2c14f737319f8104
- SHA1
  
  f0b5249c7f596eaf67828676a028c023356a6250
- SHA256
  
  5febef67530bca92f2a85b3f12e87f6a48d25b80cc0b17ce1e5f6965dd0df3a4
- SHA512
  
  431de02e3ae37907a59835ce034a016e0c6c03cf9d749d464a37ba53db3bf139c07afc93f6ea6f98efd386ab3ee7940f46843e12f45d424ebf5f655b83399ab4
- SSDEEP
  
  3072:FMHPp2YD4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2tjxCSHfFBzK+XS98M/9OmywPo1
Score

9^/10

discovery
- Contacts a large (50283) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1