mirai | da56797ce94edb327d27a38350f1ac81edc00e755c423064464c07d1c58f564c | Triage

Submit
Reports

Overview

overview

Static

static

7

SecuriteIn...70.elf

debian-9-armhf

Sharing

General

Target

SecuriteInfo.com.Gen.Variant.Trojan.Linux.Gafgyt.8.30058.6070.elf
Size

51KB
Sample

230430-dzrgmsfb3w
MD5

b03e2150d6fc9c256b4fad1f644ba3fb
SHA1

65466e5cd9cc1f3dbb0f47354258d6bea8f907de
SHA256

da56797ce94edb327d27a38350f1ac81edc00e755c423064464c07d1c58f564c
SHA512

f34ed32cf261e800e61388eea43d8721139356b47763defb06b6f2956650af0553d0e4e467610d615772432789c3a827f077e36305374795dd8aef2817251a21
SSDEEP

768:Jc5/VxsZBk6vdoxs3cEWkui8FTAI27PvbhTsr9iOFfyPGKX9q3UELah/dKZ5JF6e:u/VxOBRB3c5kumDza5iOp1LoKWl/giED

Score

10^/10

mirai unst botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Gen.Variant.Trojan.Linux.Gafgyt.8.30058.6070.elf

Resource

debian9-armhf-en-20211208

mirai unst botnet discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

- Target
  
  SecuriteInfo.com.Gen.Variant.Trojan.Linux.Gafgyt.8.30058.6070.elf
- Size
  
  51KB
- MD5
  
  b03e2150d6fc9c256b4fad1f644ba3fb
- SHA1
  
  65466e5cd9cc1f3dbb0f47354258d6bea8f907de
- SHA256
  
  da56797ce94edb327d27a38350f1ac81edc00e755c423064464c07d1c58f564c
- SHA512
  
  f34ed32cf261e800e61388eea43d8721139356b47763defb06b6f2956650af0553d0e4e467610d615772432789c3a827f077e36305374795dd8aef2817251a21
- SSDEEP
  
  768:Jc5/VxsZBk6vdoxs3cEWkui8FTAI27PvbhTsr9iOFfyPGKX9q3UELah/dKZ5JF6e:u/VxOBRB3c5kumDza5iOp1LoKWl/giED
Score

10^/10

mirai unst botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (57733) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraiunstbotnetdiscovery

© 2018-2024

Terms | Privacy