General

  • Target

    d4ce6a8367d840118afdb064c639cc74.bin

  • Size

    35KB

  • Sample

    230506-d1q79sab3x

  • MD5

    5163206e01ecaeecfc652315778747d4

  • SHA1

    6c986d4a088feac05558d590803bc580a53cb6bf

  • SHA256

    3953d20f417441a7a2a2616b9a3b4f2b40b29453baacab4d66d184d4f5409338

  • SHA512

    043546b733834e6a1251ba57a83bf9abcd6868276e38e4fc5db999ec4cc404ae41698ec03191548fb19d374946774f73b935308b5405be1837b212e772a7030b

  • SSDEEP

    768:O4oJDRD94XQpP8OpiUNTHFyhVDFvB14Li3MN+XP1pjY31m3bHERvk:ODhRPppp5NTlCVDF5CuW+XdGML28

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    UNSTABLE

Targets

    • Target

      89ded71040f0f0b728b5ce4d9c0affd87bae2e227068b515fc8099f6ea310ffc.elf

    • Size

      37KB

    • MD5

      d4ce6a8367d840118afdb064c639cc74

    • SHA1

      85cf4120be8faf5c3736a7045d4a5921fe5ab542

    • SHA256

      89ded71040f0f0b728b5ce4d9c0affd87bae2e227068b515fc8099f6ea310ffc

    • SHA512

      7279bb9dc79281d0283b24ee5ffccb32bd2959d400e959ab7f8d2fa7a20173e63b350d94daeb4e27224cf2c4545a6e7a928b7c9daffb7c403ab8c49665909d0d

    • SSDEEP

      768:8cFiyluiEduvR0MrPNjIvSGb22VjGqxQLZUiBxTQFTT9nsd6WMI:vFdY4ynbV6BLh7QRT9nUx

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (147442) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Changes its process name

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Hijack Execution Flow (T1574): 1

  • Privilege Escalation

    Hijack Execution Flow (T1574): 1

  • Defense Evasion

    Impair Defenses (T1562): 1

    Hijack Execution Flow (T1574): 1

  • Discovery

    Network Service Scanning (T1046): 2
