mirai | 288cee437e602a748418bb8dff7053f6268b85e192eb29805e92c45fc81209d7 | Triage

Sharing

General

Target

botx.arm7.elf
Size

128KB
Sample

230428-q5s9msed57
MD5

e10d33eceea63f342e57f3c261935b85
SHA1

0fbc5526132b457c98408190668ba364dfc80cdf
SHA256

288cee437e602a748418bb8dff7053f6268b85e192eb29805e92c45fc81209d7
SHA512

064a50771c0ee5120d0487a315b06fc5c106acd9cfe14a42d0be6f97e5cd61e91e3d31f9d3a2193af121648d2deb67886fd6d2c3d7c069ff6dc5c8f6dfabf5a7
SSDEEP

3072:4MHPSeIp13MJNgSHfFBrDKiKweeS1j6VM/94LmywPoIlq:4MHPSeO3SgSHfFBXKQ3S1AM/94LmywPg

Score

10^/10

mirai condi discovery

Malware Config

Extracted

Family

mirai

Botnet

CONDI

Targets

- Target
  
  botx.arm7.elf
- Size
  
  128KB
- MD5
  
  e10d33eceea63f342e57f3c261935b85
- SHA1
  
  0fbc5526132b457c98408190668ba364dfc80cdf
- SHA256
  
  288cee437e602a748418bb8dff7053f6268b85e192eb29805e92c45fc81209d7
- SHA512
  
  064a50771c0ee5120d0487a315b06fc5c106acd9cfe14a42d0be6f97e5cd61e91e3d31f9d3a2193af121648d2deb67886fd6d2c3d7c069ff6dc5c8f6dfabf5a7
- SSDEEP
  
  3072:4MHPSeIp13MJNgSHfFBrDKiKweeS1j6VM/94LmywPoIlq:4MHPSeO3SgSHfFBXKQ3S1AM/94LmywPg
Score

9^/10

discovery
- Contacts a large (47209) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Changes its process name
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1