mirai | 6f823967ec65f1f139f8e69bb27c1490eee3c4f323874e1f7686a869ef7b43dd | Triage

Sharing

General

Target

05d205b0556f0c9a9ab6ad99809d1328.elf
Size

128KB
Sample

230401-3w971seh4s
MD5

05d205b0556f0c9a9ab6ad99809d1328
SHA1

61b711c30f24edd5968ea91b1ac6305a61510744
SHA256

6f823967ec65f1f139f8e69bb27c1490eee3c4f323874e1f7686a869ef7b43dd
SHA512

95af4dc49db90c5dfc2f5f4fd4877cd56716762c9e1bb27bb9e56468d422a147107ebad1bef7b8cbcd0542a35cc93eb3451a6babe072474dfcf8b535d9d54dce
SSDEEP

3072:fMHPsiA/ixmIk+SHfFBeUKOhwePSNj6JM/99mywPoIlq:fMHPsiTx4+SHfFB3K1GSNUM/99mywPo1

Score

10^/10

mirai condi discovery

Malware Config

Extracted

Family

mirai

Botnet

CONDI

Targets

- Target
  
  05d205b0556f0c9a9ab6ad99809d1328.elf
- Size
  
  128KB
- MD5
  
  05d205b0556f0c9a9ab6ad99809d1328
- SHA1
  
  61b711c30f24edd5968ea91b1ac6305a61510744
- SHA256
  
  6f823967ec65f1f139f8e69bb27c1490eee3c4f323874e1f7686a869ef7b43dd
- SHA512
  
  95af4dc49db90c5dfc2f5f4fd4877cd56716762c9e1bb27bb9e56468d422a147107ebad1bef7b8cbcd0542a35cc93eb3451a6babe072474dfcf8b535d9d54dce
- SSDEEP
  
  3072:fMHPsiA/ixmIk+SHfFBeUKOhwePSNj6JM/99mywPoIlq:fMHPsiTx4+SHfFB3K1GSNUM/99mywPo1
Score

9^/10

discovery
- Contacts a large (50668) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1