mirai | e823c9b9f486803d389a6c8106d816fb28ce39a9dda9ac0b1d1e0b446e11f698 | Triage

Sharing

General

Target

a045b87441ab4f911b4c8ef3283f3852.elf
Size

41KB
Sample

230328-p1rpkscg2t
MD5

a045b87441ab4f911b4c8ef3283f3852
SHA1

79bdc7d26da7b39bfbe72aa2d8cf96ccd07334cc
SHA256

e823c9b9f486803d389a6c8106d816fb28ce39a9dda9ac0b1d1e0b446e11f698
SHA512

5b1cd0a7f781ccc9907c9105585497034917b96ea69dff32e9648608fa7f7e822c0b6191d668431f1aee5bba056627d156ea772af660fa332f16c61bc2135477
SSDEEP

768:b4U9FiNjEB5NXpx19OlqxHgSWpi23UnuXq8QY/Bo8G9rSLCB:lojEB5Bpx19OsxH2iRW/qlOLC

Score

10^/10

mirai botnet discovery linux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  a045b87441ab4f911b4c8ef3283f3852.elf
- Size
  
  41KB
- MD5
  
  a045b87441ab4f911b4c8ef3283f3852
- SHA1
  
  79bdc7d26da7b39bfbe72aa2d8cf96ccd07334cc
- SHA256
  
  e823c9b9f486803d389a6c8106d816fb28ce39a9dda9ac0b1d1e0b446e11f698
- SHA512
  
  5b1cd0a7f781ccc9907c9105585497034917b96ea69dff32e9648608fa7f7e822c0b6191d668431f1aee5bba056627d156ea772af660fa332f16c61bc2135477
- SSDEEP
  
  768:b4U9FiNjEB5NXpx19OlqxHgSWpi23UnuXq8QY/Bo8G9rSLCB:lojEB5Bpx19OsxH2iRW/qlOLC
Score

9^/10

discovery
- Contacts a large (73694) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1