mirai | 95dd100547a09f6fbce08bd395da63327cb8888c92787c8a94248613bce8dac4 | Triage

Submit
Reports

Overview

overview

Static

static

7

d07280becf...38.elf

debian-9-mipsel

Sharing

General

Target

98cf4da6c211b5bfe3611564d11c0cac.bin
Size

33KB
Sample

230515-b175nsgf21
MD5

01fa08fc0eaa62107aa255c876835150
SHA1

64c1e8d0501acc0f97e0d501af5d1c5b24818340
SHA256

95dd100547a09f6fbce08bd395da63327cb8888c92787c8a94248613bce8dac4
SHA512

fa879bc89c330a349804a9e070f6f3af2580d251c33ae8bfa87cef0a8e27255b5ba6c1b105ad1e01186e6e9d1bc1ca87b45ed54c2489255778b10ad9dd6052c0
SSDEEP

768:uwavDh7BE+GXTCJ1miP57X9w/FgcQhtLqjtV6YhGLXjmZOcD1ZWJuWrC:cDhtAWp5zMK96CYhGLAnhMIWO

Score

10^/10

mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38.elf

Resource

debian9-mipsel-en-20211208

mirai botnet discovery

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38.elf
- Size
  
  34KB
- MD5
  
  98cf4da6c211b5bfe3611564d11c0cac
- SHA1
  
  6266d294924c49e8c8eb835c5041833a68c14001
- SHA256
  
  d07280becf607fa4e06dd4ac50d2cb51683e90ee4b3db0abc1c347068fa21b38
- SHA512
  
  07b6060abb199f928f00ea1a2e5ea6d7d6aa6b7987fa8d92e73e3c3ef937915a43f63ab3ad5939125002f7a479d541003f30ca606b3b2569cd86785a700b2dce
- SSDEEP
  
  768:Qjit3osnfUPVMmz9kOnjBGafdQm2SEWVaY++6QWx:L3s2WkOndGMQmwWVaY++6r
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (66202) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy