mirai | 40ec9c069c377d5c26db4132d8472a22f5bdbf147aecc441f4c72f4b6147a944 | Triage

Submit
Reports

Overview

overview

Static

static

7

023bee700a...5e.elf

ubuntu-18.04-amd64

Sharing

General

Target

023bee700ae0f82842730ea343b6865e.elf
Size

31KB
Sample

230529-r5vyxacc69
MD5

023bee700ae0f82842730ea343b6865e
SHA1

f08d6e499b1951df45c315996d4fa5e4a232ef0d
SHA256

40ec9c069c377d5c26db4132d8472a22f5bdbf147aecc441f4c72f4b6147a944
SHA512

ad562e311503ccac9ca29527f8282aa3bcc98b2cab4529199dd3b3ce8108ddb7653668c82705cecd4338e242f0869e98ae13380c1d89d036b24162054cbdb7e7
SSDEEP

768:svGt6GF3pJKN98wfxFGaGbT+7u7LqZMNonf:FXF3ON9bFIbS7ALvM

Score

10^/10

mirai botnet linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

023bee700ae0f82842730ea343b6865e.elf

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

C2

client.orxy.space

Targets

- Target
  
  023bee700ae0f82842730ea343b6865e.elf
- Size
  
  31KB
- MD5
  
  023bee700ae0f82842730ea343b6865e
- SHA1
  
  f08d6e499b1951df45c315996d4fa5e4a232ef0d
- SHA256
  
  40ec9c069c377d5c26db4132d8472a22f5bdbf147aecc441f4c72f4b6147a944
- SHA512
  
  ad562e311503ccac9ca29527f8282aa3bcc98b2cab4529199dd3b3ce8108ddb7653668c82705cecd4338e242f0869e98ae13380c1d89d036b24162054cbdb7e7
- SSDEEP
  
  768:svGt6GF3pJKN98wfxFGaGbT+7u7LqZMNonf:FXF3ON9bFIbS7ALvM
Score

10^/10

mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy