Overview

overview

10

Static

static

7

SecuriteIn...lf.bin

debian-9-mips

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin

  • Size

    26KB

  • Sample

    230511-xhl1dacd4z

  • MD5

    5e049ed7c60e7e05104d1d654161d868

  • SHA1

    b92ecbbdd86b5197aef0752bed2bf959803298f1

  • SHA256

    e61207e0bc6e69fd28d17073fb08256bc288be9ce949760dc0758d81447ed2d7

  • SHA512

    6a8b0d4077ffba105d765ec326e8e8ff62492b4753559b80ff3f79c9533a06d8075e863f161638d62cf8ce0802c8820c2c32b53aff70ae52f888d79e31b292be

  • SSDEEP

    768:WUnnuN5h5MO30lW1YhtXhWMbOiJgGlzDpbuR1JP:WUnurjMOLYLhWanVJuZ

Score
10/10
miraibotnetdiscoveryupx

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin

    • Size

      26KB

    • MD5

      5e049ed7c60e7e05104d1d654161d868

    • SHA1

      b92ecbbdd86b5197aef0752bed2bf959803298f1

    • SHA256

      e61207e0bc6e69fd28d17073fb08256bc288be9ce949760dc0758d81447ed2d7

    • SHA512

      6a8b0d4077ffba105d765ec326e8e8ff62492b4753559b80ff3f79c9533a06d8075e863f161638d62cf8ce0802c8820c2c32b53aff70ae52f888d79e31b292be

    • SSDEEP

      768:WUnnuN5h5MO30lW1YhtXhWMbOiJgGlzDpbuR1JP:WUnurjMOLYLhWanVJuZ

    Score
    10/10
    miraibotnetdiscovery

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Contacts a large (80678) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Changes its process name

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Scanning

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks