mirai | cd7ec25de399aaeaa8bb28d2be78168325c5fcd8a21c630b42b8e9b3bad158b8 | Triage

Sharing

General

Target

d2d08734fa697c7e03a05e8307a0435f.elf
Size

47KB
Sample

230529-r5vyxacg31
MD5

d2d08734fa697c7e03a05e8307a0435f
SHA1

5d21ef1fbaac25b46504e691cf07fe6912479a93
SHA256

cd7ec25de399aaeaa8bb28d2be78168325c5fcd8a21c630b42b8e9b3bad158b8
SHA512

88a2ffeb403ae1dadd6204bc7eb7ae533dcc2f9a2e32ba214e5f1f39d3b47f72fc6f92004487f4687fa88635f9ad48cd03a5714f40471e92793b50693dbeac0a
SSDEEP

768:8m5gQkZb6ifu/Ggh9OHApqBt1m1UlFzXn+PtwhHya80lfeA2Fdphg7C:R5mb6itgUAcXR73+6hH+AS7

Score

10^/10

mirai botnet

Malware Config

Extracted

Family

mirai

C2

client.orxy.space

Targets

- Target
  
  d2d08734fa697c7e03a05e8307a0435f.elf
- Size
  
  47KB
- MD5
  
  d2d08734fa697c7e03a05e8307a0435f
- SHA1
  
  5d21ef1fbaac25b46504e691cf07fe6912479a93
- SHA256
  
  cd7ec25de399aaeaa8bb28d2be78168325c5fcd8a21c630b42b8e9b3bad158b8
- SHA512
  
  88a2ffeb403ae1dadd6204bc7eb7ae533dcc2f9a2e32ba214e5f1f39d3b47f72fc6f92004487f4687fa88635f9ad48cd03a5714f40471e92793b50693dbeac0a
- SSDEEP
  
  768:8m5gQkZb6ifu/Ggh9OHApqBt1m1UlFzXn+PtwhHya80lfeA2Fdphg7C:R5mb6itgUAcXR73+6hH+AS7
Score

10^/10

mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1