mirai | bf501dd5a3e9982aaed53b36eab1c08a620a923bfa37f3e4f1a17490578d756e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

00d9fe0a6b...e5.elf

debian-9-armhf

Sharing

General

Target

98520685bcb57b1e7c903aa5b64e2d97.bin
Size

67KB
Sample

230502-b9f3jshd34
MD5

0c36ed73e97aadf97c4ddf492991ad0c
SHA1

522ed750b04dbe7ac15b5991993c7e42ad01937b
SHA256

bf501dd5a3e9982aaed53b36eab1c08a620a923bfa37f3e4f1a17490578d756e
SHA512

cea5b5ab265ab4db12f4923bc5dd245fb45981060948fee16f43d5c16689225963ab5a1210820e3c4dddbab8c3e16e16eca6f423616bcb6b8f9fab7df3055249
SSDEEP

1536:VO7jGu3KxosmRlTpLsEBhDT7Zs7Ii+HCJcEEA:VKjBEoJT9sEBJeF+HPE7

Score

10^/10

mirai kyton botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

00d9fe0a6bb4c16c51af172afcd42df3da3ac918af723d4c89465c80b74824e5.elf

Resource

debian9-armhf-en-20211208

mirai kyton botnet discovery

debian-9-armhf

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

- Target
  
  00d9fe0a6bb4c16c51af172afcd42df3da3ac918af723d4c89465c80b74824e5.elf
- Size
  
  68KB
- MD5
  
  98520685bcb57b1e7c903aa5b64e2d97
- SHA1
  
  6c7e69c20c02e498acd803863207646ef965a1fa
- SHA256
  
  00d9fe0a6bb4c16c51af172afcd42df3da3ac918af723d4c89465c80b74824e5
- SHA512
  
  396d9badc38762fe160985ea5e7b27e1ec4891eb20db321e28892eba46bc0491bf7b91b732566649fc435a7380b6bfb208ac6e027e0b5cb8249855c8d3cb2a63
- SSDEEP
  
  1536:bmuRtG/R7HiIb+wkqER7/kpevPyJTD/Lh1mhIJXXwi1zqP:blw/sIWPt/+eva5bLh1mCJXX/hO
Score

10^/10

mirai kyton botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (81808) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraikytonbotnetdiscovery

© 2018-2025

Terms | Privacy