mirai | 3416c5d39dcb6f36924da5ce582eae00de311a15b21469f17855894b2c907dfb | Triage

Submit
Reports

Overview

overview

Static

static

7

138a57ba86...11.elf

debian-9-armhf

Sharing

General

Target

3e0b0c2014e2bf86e328bb7011579aaa.bin
Size

57KB
Sample

230515-bldyaage3z
MD5

184f37f72246e3e9104783b6fcdf1d61
SHA1

46d990edbf62df4676ae6ab42188292b4dc6db49
SHA256

3416c5d39dcb6f36924da5ce582eae00de311a15b21469f17855894b2c907dfb
SHA512

e00cdc6b718f99514c08a5ce49e813bd96746996f6516cda5f1e7c5d3d6801db4054ef5ee34f0d58d1e6df89d9e4fc8c4a52246ea3f0d3db38ab2066ce3c812e
SSDEEP

1536:/ysyz54a09L60vNtwGQsMZR+h+YuAu4yLtrCrN5P:/ysyua0401f/MDR6yxCx5P

Score

10^/10

mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

138a57ba868d36405d93bbb19061cdef1b2600f7e97eb46ac03441202ee5e211.elf

Resource

debian9-armhf-20221125-en

mirai botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  138a57ba868d36405d93bbb19061cdef1b2600f7e97eb46ac03441202ee5e211.elf
- Size
  
  57KB
- MD5
  
  3e0b0c2014e2bf86e328bb7011579aaa
- SHA1
  
  5476315a86b12d0f6bd359212c8b631945fe6334
- SHA256
  
  138a57ba868d36405d93bbb19061cdef1b2600f7e97eb46ac03441202ee5e211
- SHA512
  
  284f3c6ee140d3fe976cc3fb7aa2a27a87b4d1b03349b9c2b26a9432d53913f9304019246aff6631d10201e67e14ae219991efad40c5edd35df7eb0d46ff805e
- SSDEEP
  
  768:B5vZRCdVnbBTnBNXj6u/+e2cQKHsrjBpYyTVb7b79q3UELcnPFHbeNNjfNBTBO7K:B5v/sbBTBojXLRjf5VnWLc97eNZzIm
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (67805) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy