mirai | 674951eac1bc09caa76859b03ef08df469413f1b4966f5827aba25953e25dae9 | Triage

Submit
Reports

Overview

overview

Static

static

7

meow.x86.elf

ubuntu-18.04-amd64

Sharing

General

Target

meow.x86.elf
Size

29KB
Sample

230426-hh292ahe5t
MD5

a856ca530934591abd623f8656c89852
SHA1

89db3ddac29e9ac4b8c7471c91399ebf2c76fe78
SHA256

674951eac1bc09caa76859b03ef08df469413f1b4966f5827aba25953e25dae9
SHA512

06939283c4dd2987032b0cd56f66fc24847aefddcd10c2f69fd762d1df06f88a7a92ae5f982c498a44408efcc62ef9dd959aab483c1cb401b08a455af6ac7da4
SSDEEP

768:51XI5lPlSF26OqBC9ruraMvi1U2VCPRKsLzukv7ji:DaUv7C9qaiiTsLzuC7m

Score

10^/10

mirai botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

meow.x86.elf

Resource

ubuntu1804-amd64-en-20211208

mirai botnet discovery

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

C2

bn.vboot.pw

Targets

- Target
  
  meow.x86.elf
- Size
  
  29KB
- MD5
  
  a856ca530934591abd623f8656c89852
- SHA1
  
  89db3ddac29e9ac4b8c7471c91399ebf2c76fe78
- SHA256
  
  674951eac1bc09caa76859b03ef08df469413f1b4966f5827aba25953e25dae9
- SHA512
  
  06939283c4dd2987032b0cd56f66fc24847aefddcd10c2f69fd762d1df06f88a7a92ae5f982c498a44408efcc62ef9dd959aab483c1cb401b08a455af6ac7da4
- SSDEEP
  
  768:51XI5lPlSF26OqBC9ruraMvi1U2VCPRKsLzukv7ji:DaUv7C9qaiiTsLzuC7m
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (243837) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy