General

  • Target

    x86.elf

  • Size

    28KB

  • Sample

    230428-nz5z5sff6t

  • MD5

    8bfd27fc20555a7d05cd59a6cee595dd

  • SHA1

    5bc18649490e7d357aa090cc65890f5ab14df229

  • SHA256

    12da7aac18b2a6cf3f1cec92cc21616087faaf5a469b3985d08bed24ee65a296

  • SHA512

    7f3217bbe0aa80b64c5caa2ee0ebcd2c0784336bebf91dd565e0dc8e0e2ed337f5a3f27fd5816ae35f1dac600080ac49ab8cc6b2de2fb650a85514516bf6224a

  • SSDEEP

    768:DYicrAqMzfOw7v6ZtlHV/5Haz6RGPbTHhVnbcuyD7UryqM:0zAVfbveHn6z5Pnouy8mqM

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    KYTON

Targets

    • Target

      x86.elf

    • Size

      28KB

    • MD5

      8bfd27fc20555a7d05cd59a6cee595dd

    • SHA1

      5bc18649490e7d357aa090cc65890f5ab14df229

    • SHA256

      12da7aac18b2a6cf3f1cec92cc21616087faaf5a469b3985d08bed24ee65a296

    • SHA512

      7f3217bbe0aa80b64c5caa2ee0ebcd2c0784336bebf91dd565e0dc8e0e2ed337f5a3f27fd5816ae35f1dac600080ac49ab8cc6b2de2fb650a85514516bf6224a

    • SSDEEP

      768:DYicrAqMzfOw7v6ZtlHV/5Haz6RGPbTHhVnbcuyD7UryqM:0zAVfbveHn6z5Pnouy8mqM

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (105632) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Changes its process name

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Hijack Execution Flow, T1574 (1)

  • Privilege Escalation

    Hijack Execution Flow, T1574 (1)

  • Defense Evasion

    Impair Defenses, T1562 (1)

    Hijack Execution Flow, T1574 (1)

  • Discovery

    Network Service Scanning, T1046 (2)

    System Network Connections Discovery, T1049 (1)

    System Network Configuration Discovery, T1016 (1)

Tasks