mirai | c8fe6eb9fe0c8cd5c376396531fa7df682d22ecdc3a4248c683aa882b6831014 | Triage

Submit
Reports

Overview

overview

Static

static

7

9a5fba136d...e0.elf

ubuntu-18.04-amd64

Sharing

General

Target

9c92cc02e440c3c6f3d245f3b1aa56d8.bin
Size

32KB
Sample

230515-b19y9sec75
MD5

6b2392c0e861e752912fc11d0c42649b
SHA1

a912d57e26a0504d2eb283a7c4d023b6d803715b
SHA256

c8fe6eb9fe0c8cd5c376396531fa7df682d22ecdc3a4248c683aa882b6831014
SHA512

8fb869da054fbe225d55cf5a4104e091402ec759a9f68637bd842596d8802ffdc42ed87bf0ad4f7c7858df83fe392cc557c04a343a15a1fa281a53c24ab99f49
SSDEEP

768:iZszyKrYPFqKeXHxrcTETXInfhaflu9Vgj+lVWhSFrDXAj:wJPFzeX6xhaduUj+lVUShLW

Score

10^/10

mirai botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9a5fba136d9c99bfa3edb2484774a8fc265468a2de4b5b5cdb525fb601979fe0.elf

Resource

ubuntu1804-amd64-20221125-en

mirai botnet discovery

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  9a5fba136d9c99bfa3edb2484774a8fc265468a2de4b5b5cdb525fb601979fe0.elf
- Size
  
  32KB
- MD5
  
  9c92cc02e440c3c6f3d245f3b1aa56d8
- SHA1
  
  6d61d673203bdbf1694fb124356406a982397522
- SHA256
  
  9a5fba136d9c99bfa3edb2484774a8fc265468a2de4b5b5cdb525fb601979fe0
- SHA512
  
  d8b709cca7c37a9c44c98ab6ac7223cb0d92b8f32913befa330f2f749580b318826e6f25fd8f584a21b444b59ef4eeda63d8e6626f9df5f325187508ac9b5edb
- SSDEEP
  
  768:pkutC5wgrj7VQjWT2FCBwZ2i2g3GGGzJgCx8yljQ8tkcdDyis9:1U3hwWzyZ2i26bG1CyljZtklH9
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (74467) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy