mirai | 457959a9c1876b4221c425248be1e3d378accf16e550417b2b704a06e3165e40 | Triage

Submit
Reports

Overview

overview

Static

static

7

SecuriteIn...45.elf

debian-9-mips

Sharing

General

Target

SecuriteInfo.com.Heur.20230513223225134795345.elf
Size

33KB
Sample

230513-2dmhkabh2t
MD5

90c62ced3946ffc2d5bb8a4c79b1abd3
SHA1

ce482af58a7f1e9b4aba5da412482f06b704e452
SHA256

457959a9c1876b4221c425248be1e3d378accf16e550417b2b704a06e3165e40
SHA512

a6e9a110f64b677365e724b4cd532dc912519d5b1214172eea16819599fae8624fa956ef291800d639760d5bb7f710555574c4b61edc1db3b6b893c36f3eea41
SSDEEP

768:uKe7RhDec/rWibTZXJ05bgt/Spjr2mKtgcQk//xJgGlzDpbuR1J2:ohCc/KiXYbgYOv//DVJu8

Score

10^/10

mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Heur.20230513223225134795345.elf

Resource

debian9-mipsbe-en-20211208

mirai botnet discovery

debian-9-mips

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Heur.20230513223225134795345.elf
- Size
  
  33KB
- MD5
  
  90c62ced3946ffc2d5bb8a4c79b1abd3
- SHA1
  
  ce482af58a7f1e9b4aba5da412482f06b704e452
- SHA256
  
  457959a9c1876b4221c425248be1e3d378accf16e550417b2b704a06e3165e40
- SHA512
  
  a6e9a110f64b677365e724b4cd532dc912519d5b1214172eea16819599fae8624fa956ef291800d639760d5bb7f710555574c4b61edc1db3b6b893c36f3eea41
- SSDEEP
  
  768:uKe7RhDec/rWibTZXJ05bgt/Spjr2mKtgcQk//xJgGlzDpbuR1J2:ohCc/KiXYbgYOv//DVJu8
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (69596) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy