mirai | 90afe1dbb17c11ff9bc870842bcda7d9829a996b4f40de6a40e1235ce9d15fba | Triage

Sharing

General

Target

fedd7b9e3fb66cd8a521a5e1916696ae.elf
Size

104KB
Sample

230418-py23jabd83
MD5

fedd7b9e3fb66cd8a521a5e1916696ae
SHA1

8d74dc8783724da05a20135c7225d12c68dbb2aa
SHA256

90afe1dbb17c11ff9bc870842bcda7d9829a996b4f40de6a40e1235ce9d15fba
SHA512

ce03cc85fb2c31c130212e9c37f64d4086a59a31ee72bb2076b0c37ec1f5d44a2842067dbcdca8dbe4d8c5c1412bf4177f8c6d4ef8f7f946cd9ca1b57de92411
SSDEEP

3072:olhUX+jP9NWjVzH4hh+d2TBvMt9M/9QhMeF:oUujPWjVzH0hPvMXM/9QhMeF

Score

10^/10

mirai botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  fedd7b9e3fb66cd8a521a5e1916696ae.elf
- Size
  
  104KB
- MD5
  
  fedd7b9e3fb66cd8a521a5e1916696ae
- SHA1
  
  8d74dc8783724da05a20135c7225d12c68dbb2aa
- SHA256
  
  90afe1dbb17c11ff9bc870842bcda7d9829a996b4f40de6a40e1235ce9d15fba
- SHA512
  
  ce03cc85fb2c31c130212e9c37f64d4086a59a31ee72bb2076b0c37ec1f5d44a2842067dbcdca8dbe4d8c5c1412bf4177f8c6d4ef8f7f946cd9ca1b57de92411
- SSDEEP
  
  3072:olhUX+jP9NWjVzH4hh+d2TBvMt9M/9QhMeF:oUujPWjVzH0hPvMXM/9QhMeF
Score

9^/10

discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Contacts a large (1493) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1