mirai | e2aaad94d1933f4d4ec660731e1a4da5af2d4ef15d0ab8d8bb17ae82877ac3f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d609cd7134f2cfaca36467b59286f02e.elf
Size

70KB
Sample

230505-qms6xsag73
MD5

d609cd7134f2cfaca36467b59286f02e
SHA1

0d95c3d939d21bfa4d1187d65d8822bc8be2932f
SHA256

e2aaad94d1933f4d4ec660731e1a4da5af2d4ef15d0ab8d8bb17ae82877ac3f4
SHA512

6ca6d4c97cd052c0f20892364db8b8e99134b2dda9b514413b663ceae7a2135341b94bd993394256ab59a32447888d0d3604f8739cf9c1543ad906d1502d0b63
SSDEEP

768:R5zzEInDLyzIx17vejtiKuTR/3pXQB5HbeDfeRZeCffDdxhdOXi2QyW38:R5nEwvyzIx5xx5ABhCfEZ1ffDdxPKW

Score

10^/10

mirai botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  d609cd7134f2cfaca36467b59286f02e.elf
- Size
  
  70KB
- MD5
  
  d609cd7134f2cfaca36467b59286f02e
- SHA1
  
  0d95c3d939d21bfa4d1187d65d8822bc8be2932f
- SHA256
  
  e2aaad94d1933f4d4ec660731e1a4da5af2d4ef15d0ab8d8bb17ae82877ac3f4
- SHA512
  
  6ca6d4c97cd052c0f20892364db8b8e99134b2dda9b514413b663ceae7a2135341b94bd993394256ab59a32447888d0d3604f8739cf9c1543ad906d1502d0b63
- SSDEEP
  
  768:R5zzEInDLyzIx17vejtiKuTR/3pXQB5HbeDfeRZeCffDdxhdOXi2QyW38:R5nEwvyzIx5xx5ABhCfEZ1ffDdxPKW
Score

9^/10

discovery
- Contacts a large (243068) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Deletes itself
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1