mirai | b8e7275225b044f5f6a2b96341e61731fd1791daa599e6aa819c759f3d6ceb71 | Triage

Submit
Reports

Overview

overview

Static

static

7

a3e3ce2457...14.elf

debian-9-mipsel

Sharing

General

Target

a3e3ce2457cb9250c1859c8111cf2e14.elf
Size

27KB
Sample

230503-tfmmcafb99
MD5

a3e3ce2457cb9250c1859c8111cf2e14
SHA1

875e7131f699802f06c0c05748f69dd7fb56d7f8
SHA256

b8e7275225b044f5f6a2b96341e61731fd1791daa599e6aa819c759f3d6ceb71
SHA512

0f27ba21b227c5904a68f1c09e5f2ad5220aa2a54482f1659b5ae6f2ea909d5ada977cc915c19542edcb580dff9d8037083a5122765d7dd3adabeee946fd5400
SSDEEP

768:O1Jnr9HMs0aNafCBtoGKYF3cTXmfhulIKWy:c9lpSli3ce9K

Score

10^/10

mirai botnet botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a3e3ce2457cb9250c1859c8111cf2e14.elf

Resource

debian9-mipsel-en-20211208

mirai botnet botnet discovery

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

cnc.kintaro.cc

Targets

- Target
  
  a3e3ce2457cb9250c1859c8111cf2e14.elf
- Size
  
  27KB
- MD5
  
  a3e3ce2457cb9250c1859c8111cf2e14
- SHA1
  
  875e7131f699802f06c0c05748f69dd7fb56d7f8
- SHA256
  
  b8e7275225b044f5f6a2b96341e61731fd1791daa599e6aa819c759f3d6ceb71
- SHA512
  
  0f27ba21b227c5904a68f1c09e5f2ad5220aa2a54482f1659b5ae6f2ea909d5ada977cc915c19542edcb580dff9d8037083a5122765d7dd3adabeee946fd5400
- SSDEEP
  
  768:O1Jnr9HMs0aNafCBtoGKYF3cTXmfhulIKWy:c9lpSli3ce9K
Score

10^/10

mirai botnet botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (97491) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetbotnetdiscovery

© 2018-2024

Terms | Privacy