Overview

overview

10

Static

static

7

42eca5af3e...97.elf

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42eca5af3ea9b13d88404974c1720197.elf

  • Size

    44KB

  • Sample

    230430-1nrdtsda29

  • MD5

    42eca5af3ea9b13d88404974c1720197

  • SHA1

    4caa835eefa6ad74817384123292814cad31149e

  • SHA256

    e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf

  • SHA512

    763e72ac779f305d64b135f5a4bcf6feba4dbc5274b51236a2447f8f7aeb2613be0fdd3593fd1f596b30736c04011b7ffea9077244900e3c7a4205ead8ce96ec

  • SSDEEP

    768:fJS4GmW3BHKBa0BJXEALN5oSWgjYS62j5Zg3lyReMGXTUAiflWz:bGmqga0BJXEALNWghjaly0PTUAis

Score
10/10
miraikytonbotnetdiscoveryupx

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

    • Target

      42eca5af3ea9b13d88404974c1720197.elf

    • Size

      44KB

    • MD5

      42eca5af3ea9b13d88404974c1720197

    • SHA1

      4caa835eefa6ad74817384123292814cad31149e

    • SHA256

      e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf

    • SHA512

      763e72ac779f305d64b135f5a4bcf6feba4dbc5274b51236a2447f8f7aeb2613be0fdd3593fd1f596b30736c04011b7ffea9077244900e3c7a4205ead8ce96ec

    • SSDEEP

      768:fJS4GmW3BHKBa0BJXEALN5oSWgjYS62j5Zg3lyReMGXTUAiflWz:bGmqga0BJXEALNWghjaly0PTUAis

    Score
    10/10
    miraikytonbotnetdiscovery

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Contacts a large (112284) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

    • Changes its process name

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Network Service Scanning

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks