mirai | d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38 | Triage

Submit
Reports

Overview

overview

Static

static

7

98cf4da6c2...ac.elf

debian-9-mipsel

Sharing

General

Target

98cf4da6c211b5bfe3611564d11c0cac.elf
Size

34KB
Sample

230513-zmkzzsbf6s
MD5

98cf4da6c211b5bfe3611564d11c0cac
SHA1

6266d294924c49e8c8eb835c5041833a68c14001
SHA256

d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38
SHA512

07b6060abb199f928f00ea1a2e5ea6d7d6aa6b7987fa8d92e73e3c3ef937915a43f63ab3ad5939125002f7a479d541003f30ca606b3b2569cd86785a700b2dce
SSDEEP

768:Qjit3osnfUPVMmz9kOnjBGafdQm2SEWVaY++6QWx:L3s2WkOndGMQmwWVaY++6r

Score

10^/10

mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

98cf4da6c211b5bfe3611564d11c0cac.elf

Resource

debian9-mipsel-20221111-en

mirai botnet discovery

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  98cf4da6c211b5bfe3611564d11c0cac.elf
- Size
  
  34KB
- MD5
  
  98cf4da6c211b5bfe3611564d11c0cac
- SHA1
  
  6266d294924c49e8c8eb835c5041833a68c14001
- SHA256
  
  d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38
- SHA512
  
  07b6060abb199f928f00ea1a2e5ea6d7d6aa6b7987fa8d92e73e3c3ef937915a43f63ab3ad5939125002f7a479d541003f30ca606b3b2569cd86785a700b2dce
- SSDEEP
  
  768:Qjit3osnfUPVMmz9kOnjBGafdQm2SEWVaY++6QWx:L3s2WkOndGMQmwWVaY++6r
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (70928) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy