mirai | 138a57ba868d36405d93bbb19061cdef1b2600f7e97eb46ac03441202ee5e211 | Triage

Submit
Reports

Overview

overview

Static

static

7

3e0b0c2014...aa.elf

debian-9-armhf

Sharing

General

Target

3e0b0c2014e2bf86e328bb7011579aaa.elf
Size

57KB
Sample

230513-zdj2bsbf2y
MD5

3e0b0c2014e2bf86e328bb7011579aaa
SHA1

5476315a86b12d0f6bd359212c8b631945fe6334
SHA256

138a57ba868d36405d93bbb19061cdef1b2600f7e97eb46ac03441202ee5e211
SHA512

284f3c6ee140d3fe976cc3fb7aa2a27a87b4d1b03349b9c2b26a9432d53913f9304019246aff6631d10201e67e14ae219991efad40c5edd35df7eb0d46ff805e
SSDEEP

768:B5vZRCdVnbBTnBNXj6u/+e2cQKHsrjBpYyTVb7b79q3UELcnPFHbeNNjfNBTBO7K:B5v/sbBTBojXLRjf5VnWLc97eNZzIm

Score

10^/10

mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3e0b0c2014e2bf86e328bb7011579aaa.elf

Resource

debian9-armhf-20221111-en

mirai botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3e0b0c2014e2bf86e328bb7011579aaa.elf
- Size
  
  57KB
- MD5
  
  3e0b0c2014e2bf86e328bb7011579aaa
- SHA1
  
  5476315a86b12d0f6bd359212c8b631945fe6334
- SHA256
  
  138a57ba868d36405d93bbb19061cdef1b2600f7e97eb46ac03441202ee5e211
- SHA512
  
  284f3c6ee140d3fe976cc3fb7aa2a27a87b4d1b03349b9c2b26a9432d53913f9304019246aff6631d10201e67e14ae219991efad40c5edd35df7eb0d46ff805e
- SSDEEP
  
  768:B5vZRCdVnbBTnBNXj6u/+e2cQKHsrjBpYyTVb7b79q3UELcnPFHbeNNjfNBTBO7K:B5v/sbBTBojXLRjf5VnWLc97eNZzIm
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (68826) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy