mirai | f0148557c079a0f8fd9d779cd9ffc80998713b085ed08180ed184af31f68a044 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

jew.x86.elf
Size

53KB
Sample

230529-n6a4cabf67
MD5

08e8e8da28bc8d3b1a96542aa0c73fdd
SHA1

dab983700ea4029a896f035cfe495dddb91f3a6e
SHA256

f0148557c079a0f8fd9d779cd9ffc80998713b085ed08180ed184af31f68a044
SHA512

37ff03c63a3bfd2ac01d3c173fc04cec5aa9f4333cbe35fa218d4e129198bbe0a05d35ca8ac514ecc9b5d685e4116830fbb590dc99c531cdee9459a289a3d75e
SSDEEP

1536:BAmkKnnAvjccy7ZeDm4EJd+67ZhP/2Bj6NYc2dZKQDf6:ORKnAvjcV7ZIEJdxZhP/2taXSHb

Score

10^/10

mirai kurc discovery linux

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.x86.elf
- Size
  
  53KB
- MD5
  
  08e8e8da28bc8d3b1a96542aa0c73fdd
- SHA1
  
  dab983700ea4029a896f035cfe495dddb91f3a6e
- SHA256
  
  f0148557c079a0f8fd9d779cd9ffc80998713b085ed08180ed184af31f68a044
- SHA512
  
  37ff03c63a3bfd2ac01d3c173fc04cec5aa9f4333cbe35fa218d4e129198bbe0a05d35ca8ac514ecc9b5d685e4116830fbb590dc99c531cdee9459a289a3d75e
- SSDEEP
  
  1536:BAmkKnnAvjccy7ZeDm4EJd+67ZhP/2Bj6NYc2dZKQDf6:ORKnAvjcV7ZIEJdxZhP/2taXSHb
Score

9^/10

discovery
- Contacts a large (118913) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1