mirai | 4fe76665822bc651a56dd715c2a834d4b6305840684b5dc8f3e06e6a378c0bec

Analysis

max time kernel
150s
max time network
155s
platform
debian-9_mips
resource
debian9-mipsbe-20221111-en
resource tags

arch:mipsimage:debian9-mipsbe-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
01-05-2023 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
Size

29KB
MD5

532d634e636df94d048ffe5d14070515
SHA1

79a02c1a8c9fc711c839d4b2a42609f715d3a2dd
SHA256

828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758
SHA512

ca909cf74d8136d1fe4fc6520398278fa4e47d39e522866737e80d40e6b9468b4a57c262a9089a7b83d8a13bbcb81882d59517b17159668be66731cdd1b5f719
SSDEEP

768:LK6ZNaTDl14+35/uPg6f3+1IisZMUzltx+HnhmyJgGlzDpbuR1Jd:L1CDn4+3MY6ftiFUht8Hs2VJu/

Score

10^/10

mirai unst botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

UNST

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Contacts a large (60786) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Enumerates active TCP sockets 1 TTPs 2 IoCs

Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery

T1049

Processes:

828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf

description	ioc	process
File opened for reading	/proc/net/tcp	828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
File opened for reading	/proc/net/tcp

Reads system network configuration 1 TTPs 2 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

Processes:

828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf

description	ioc	process
File opened for reading	/proc/net/tcp	828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
File opened for reading	/proc/net/tcp

Reads runtime system information 25 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/215/fd
File opened for reading	/proc/252/fd
File opened for reading	/proc/254/fd
File opened for reading	/proc/284/fd
File opened for reading	/proc/290/fd
File opened for reading	/proc/304/fd
File opened for reading	/proc/342/fd
File opened for reading	/proc/139/fd
File opened for reading	/proc/155/fd
File opened for reading	/proc/223/fd
File opened for reading	/proc/224/fd
File opened for reading	/proc/227/fd
File opened for reading	/proc/228/fd
File opened for reading	/proc/258/fd
File opened for reading	/proc/303/fd
File opened for reading	/proc/1/fd
File opened for reading	/proc/347/fd
File opened for reading	/proc/349/fd
File opened for reading	/proc/338/fd
File opened for reading	/proc/332/fd
File opened for reading	/proc/348/fd
File opened for reading	/proc/353/fd
File opened for reading	/proc/347/exe
File opened for reading	/proc/292/fd
File opened for reading	/proc/344/fd

/tmp/828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
/tmp/828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
1⤵
- Enumerates active TCP sockets
- Reads system network configuration
PID:337

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Scanning

T1046

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/337-1-0x00400000-0x00457ca8-memory.dmp

Download