mirai | f37156d08947cadc02b422cd99d539f8599dcabce959838cd77aa510060195ff | Triage

Submit
Reports

Overview

overview

Static

static

7

3128bffe8b...d6.elf

debian-9-armhf

Sharing

General

Target

3128bffe8b7ec9bcfcf2a761fd4958d6.elf
Size

48KB
Sample

230503-tfmx4shb5y
MD5

3128bffe8b7ec9bcfcf2a761fd4958d6
SHA1

b938e0e0aca26825d991abd489f5bc07f81447b4
SHA256

f37156d08947cadc02b422cd99d539f8599dcabce959838cd77aa510060195ff
SHA512

11f0c59836cbc22b569bafda7e92276f34185f3ede5fce6eb61d5c8b16b5afb7777da3a4f6e5f50879bf3e661fe4cd3d6d56d3ea9d27e74252349c128502c48c
SSDEEP

1536:zzIVF/thIhT9sqavNL9YdyNXV7yixQnHY:zzkb8RsqalL90yNXV+ix64

Score

10^/10

mirai botnet botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3128bffe8b7ec9bcfcf2a761fd4958d6.elf

Resource

debian9-armhf-20221111-en

mirai botnet botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

cnc.kintaro.cc

Targets

- Target
  
  3128bffe8b7ec9bcfcf2a761fd4958d6.elf
- Size
  
  48KB
- MD5
  
  3128bffe8b7ec9bcfcf2a761fd4958d6
- SHA1
  
  b938e0e0aca26825d991abd489f5bc07f81447b4
- SHA256
  
  f37156d08947cadc02b422cd99d539f8599dcabce959838cd77aa510060195ff
- SHA512
  
  11f0c59836cbc22b569bafda7e92276f34185f3ede5fce6eb61d5c8b16b5afb7777da3a4f6e5f50879bf3e661fe4cd3d6d56d3ea9d27e74252349c128502c48c
- SSDEEP
  
  1536:zzIVF/thIhT9sqavNL9YdyNXV7yixQnHY:zzkb8RsqalL90yNXV+ix64
Score

10^/10

mirai botnet botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (94468) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetbotnetdiscovery

© 2018-2024

Terms | Privacy