mirai | 618f0537287823780149e50487bbd593db701a0b39a07f5d768118b2786f49a4 | Triage

Sharing

General

Target

fdbe4eac86a5b510242bb8b2d7457842.elf
Size

113KB
Sample

230408-3m9vwsfg99
MD5

fdbe4eac86a5b510242bb8b2d7457842
SHA1

21cc7ce32d8f6a1e5db32ef626908d3414f4aa4e
SHA256

618f0537287823780149e50487bbd593db701a0b39a07f5d768118b2786f49a4
SHA512

47b12154cd744854f69427d75c7858dd7d4c92fd16f191cf43fc7205744acefb16bec15f4aed5f9e7204bd4da323b53fb66979a9a7057360c5f6c36e352541f0
SSDEEP

3072:l3S9polRqZwOd1VXYP9OZ0beDXsesiM/93bQP:l3S9polGwOd1VI1OIiXsehM/93bQP

Score

10^/10

mirai condi

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

cnc.condinet.cf

report.condinet.cf

Targets

- Target
  
  fdbe4eac86a5b510242bb8b2d7457842.elf
- Size
  
  113KB
- MD5
  
  fdbe4eac86a5b510242bb8b2d7457842
- SHA1
  
  21cc7ce32d8f6a1e5db32ef626908d3414f4aa4e
- SHA256
  
  618f0537287823780149e50487bbd593db701a0b39a07f5d768118b2786f49a4
- SHA512
  
  47b12154cd744854f69427d75c7858dd7d4c92fd16f191cf43fc7205744acefb16bec15f4aed5f9e7204bd4da323b53fb66979a9a7057360c5f6c36e352541f0
- SSDEEP
  
  3072:l3S9polRqZwOd1VXYP9OZ0beDXsesiM/93bQP:l3S9polGwOd1VI1OIiXsehM/93bQP
Score

7^/10
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1