mirai | 7b27e3245908a506cf3372e4134d1dd77c0d42e0afe815bd6e50dadec1f2fd6b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nigga.mips.elf
Size

78KB
Sample

230323-zd5yssca2z
MD5

586eeca30194a598139d07f830ca475c
SHA1

78c364a6948655497dccb33fb92ae3d494a5d0da
SHA256

7b27e3245908a506cf3372e4134d1dd77c0d42e0afe815bd6e50dadec1f2fd6b
SHA512

c96a3d6bb90029ee0364186e90c09f0e8dec0193a0ea674f9fc8c01cd0a340b14e703b1ee4886fb755bbfae3d51368ca1bb86ec3ff48a62536375776eb34ae3f
SSDEEP

768:SVf6jVtas68qOwV8InABA9rGizHvifit3N2ePqmljwQniGqW8mK/vtDvxuRVJycv:JFOH1G8a9CRqW8v/ZsBeVPogxYB

Score

10^/10

mirai discovery

Malware Config

Extracted

Family

mirai

C2

admin.duc3k.com

Targets

- Target
  
  nigga.mips.elf
- Size
  
  78KB
- MD5
  
  586eeca30194a598139d07f830ca475c
- SHA1
  
  78c364a6948655497dccb33fb92ae3d494a5d0da
- SHA256
  
  7b27e3245908a506cf3372e4134d1dd77c0d42e0afe815bd6e50dadec1f2fd6b
- SHA512
  
  c96a3d6bb90029ee0364186e90c09f0e8dec0193a0ea674f9fc8c01cd0a340b14e703b1ee4886fb755bbfae3d51368ca1bb86ec3ff48a62536375776eb34ae3f
- SSDEEP
  
  768:SVf6jVtas68qOwV8InABA9rGizHvifit3N2ePqmljwQniGqW8mK/vtDvxuRVJycv:JFOH1G8a9CRqW8v/ZsBeVPogxYB
Score

9^/10

discovery
- Contacts a large (35575) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1