mirai | b1e3c1f0c94806955ffd1a0edb4482915c63d777719bceb4328c6201c21f618c | Triage

Sharing

General

Target

27f8d14807778c561febb2a4598ab022.elf
Size

61KB
Sample

230327-hysersec3x
MD5

27f8d14807778c561febb2a4598ab022
SHA1

337ab75951e90b660d47977645f33e2598ad645c
SHA256

b1e3c1f0c94806955ffd1a0edb4482915c63d777719bceb4328c6201c21f618c
SHA512

800cfe6a104587f122aa2f8d2fc7ec603bc6e0fec21d2b501d8b60b9247ba3d85aff6c224ad59e4aa006a0b30ffc11f3aafaede70af74f768055d6ab9d4108f4
SSDEEP

1536:dpmbSQ6U3q7cCBT/lZsK/XDiQHLiKimfFoktCe3fYRME:WShU3q7cEDlCK/XDP9i8Fok06fYRD

Score

10^/10

mirai discovery linux

Malware Config

Extracted

Family

mirai

C2

botnet.l7c7.com

Targets

- Target
  
  27f8d14807778c561febb2a4598ab022.elf
- Size
  
  61KB
- MD5
  
  27f8d14807778c561febb2a4598ab022
- SHA1
  
  337ab75951e90b660d47977645f33e2598ad645c
- SHA256
  
  b1e3c1f0c94806955ffd1a0edb4482915c63d777719bceb4328c6201c21f618c
- SHA512
  
  800cfe6a104587f122aa2f8d2fc7ec603bc6e0fec21d2b501d8b60b9247ba3d85aff6c224ad59e4aa006a0b30ffc11f3aafaede70af74f768055d6ab9d4108f4
- SSDEEP
  
  1536:dpmbSQ6U3q7cCBT/lZsK/XDiQHLiKimfFoktCe3fYRME:WShU3q7cEDlCK/XDP9i8Fok06fYRD
Score

9^/10

discovery
- Contacts a large (37370) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1