mirai | 3dd48d1dd56840b6e37b667a81995fe861270f8e97624aecb49dbb25de6f0163 | Triage

Sharing

General

Target

arm7.elf
Size

145KB
Sample

230318-tagh5scg79
MD5

362f9c66301cc614bd7f1ba7ab5be8ec
SHA1

6da033ce9e54cd3799b145ae51bef52aacc37e4b
SHA256

3dd48d1dd56840b6e37b667a81995fe861270f8e97624aecb49dbb25de6f0163
SHA512

d6117f005c0b00b37c6ae55a8165fdf6ce4632cd39de86e066f7be68a047ff2db6288c5fbe3a88879aced0e722840b9eef9d6d7afa2838da5f249d5344ef8fc7
SSDEEP

3072:7d8gZnSRkhcfaOUrLBdWAO6Fk4JVa0qWPATM/91jt7:7d8gZgfaOUrLBdvO6Vo0qWPEM/9Nt7

Score

10^/10

mirai discovery

Malware Config

Extracted

Family

mirai

C2

109.98.208.52

Targets

- Target
  
  arm7.elf
- Size
  
  145KB
- MD5
  
  362f9c66301cc614bd7f1ba7ab5be8ec
- SHA1
  
  6da033ce9e54cd3799b145ae51bef52aacc37e4b
- SHA256
  
  3dd48d1dd56840b6e37b667a81995fe861270f8e97624aecb49dbb25de6f0163
- SHA512
  
  d6117f005c0b00b37c6ae55a8165fdf6ce4632cd39de86e066f7be68a047ff2db6288c5fbe3a88879aced0e722840b9eef9d6d7afa2838da5f249d5344ef8fc7
- SSDEEP
  
  3072:7d8gZnSRkhcfaOUrLBdWAO6Fk4JVa0qWPATM/91jt7:7d8gZgfaOUrLBdvO6Vo0qWPEM/9Nt7
Score

9^/10

discovery
- Contacts a large (35059) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1