mirai | 6c4cc74954ed4612d7984b79eb2f9ebfeafc2cd8605677b1cb28115e8e5faca3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc5aa98741db6e41c9683986f1a0874f.elf
Size

42KB
Sample

230426-f5z23shc2w
MD5

cc5aa98741db6e41c9683986f1a0874f
SHA1

b84436b749c0cb1e994922627233f0b63a5f6457
SHA256

6c4cc74954ed4612d7984b79eb2f9ebfeafc2cd8605677b1cb28115e8e5faca3
SHA512

a325a92781beda743678fb899469d10a4c7abb5c4f8c93a0c6b8b0e4d3ecea27c99d21a0a8305d42b6a3a1c0e1c8ae8c54c4b95c5140e314441bc96e6d624a79
SSDEEP

768:o7oXUEEVupdcv0H6ew5wDe9eUgeMH6p/d+XijT5tN6tp:o79XLJT+8hghap1jNo

Score

10^/10

mirai

Malware Config

Targets

- Target
  
  cc5aa98741db6e41c9683986f1a0874f.elf
- Size
  
  42KB
- MD5
  
  cc5aa98741db6e41c9683986f1a0874f
- SHA1
  
  b84436b749c0cb1e994922627233f0b63a5f6457
- SHA256
  
  6c4cc74954ed4612d7984b79eb2f9ebfeafc2cd8605677b1cb28115e8e5faca3
- SHA512
  
  a325a92781beda743678fb899469d10a4c7abb5c4f8c93a0c6b8b0e4d3ecea27c99d21a0a8305d42b6a3a1c0e1c8ae8c54c4b95c5140e314441bc96e6d624a79
- SSDEEP
  
  768:o7oXUEEVupdcv0H6ew5wDe9eUgeMH6p/d+XijT5tN6tp:o79XLJT+8hghap1jNo
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Deletes itself
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1