mirai | 7ce4eb8e15c4fa0f41dd4d32f9a284031c8db58176c73087a07b0849fe3a5bf2 | Triage

Sharing

General

Target

f196a252b3cb264fd7076c2b0b882692.elf
Size

39KB
Sample

230529-rzpjyacc43
MD5

f196a252b3cb264fd7076c2b0b882692
SHA1

e4167fabbeeefa085503c62e2bbce698a6500824
SHA256

7ce4eb8e15c4fa0f41dd4d32f9a284031c8db58176c73087a07b0849fe3a5bf2
SHA512

2260f870126fa103ba374d091e30d3c65454c15fa614ab5f9d770cd012ea7a4bf8090f43937d7a08af9821aa2aff0bb9f705431990972748c8d330fa375dbf26
SSDEEP

768:ambVu1XsZ/ZkbZcCwCHxu6s7MAlRNqB2pJ9Rr2+iO9v9vkuTMEZ+IZ2qJq9hRNUZ:DUxsrkb+7UxQ7MWwB2pJy+/9v6lEZ+9g

Score

10^/10

mirai botnet

Malware Config

Extracted

Family

mirai

C2

client.orxy.space

Targets

- Target
  
  f196a252b3cb264fd7076c2b0b882692.elf
- Size
  
  39KB
- MD5
  
  f196a252b3cb264fd7076c2b0b882692
- SHA1
  
  e4167fabbeeefa085503c62e2bbce698a6500824
- SHA256
  
  7ce4eb8e15c4fa0f41dd4d32f9a284031c8db58176c73087a07b0849fe3a5bf2
- SHA512
  
  2260f870126fa103ba374d091e30d3c65454c15fa614ab5f9d770cd012ea7a4bf8090f43937d7a08af9821aa2aff0bb9f705431990972748c8d330fa375dbf26
- SSDEEP
  
  768:ambVu1XsZ/ZkbZcCwCHxu6s7MAlRNqB2pJ9Rr2+iO9v9vkuTMEZ+IZ2qJq9hRNUZ:DUxsrkb+7UxQ7MWwB2pJy+/9v6lEZ+9g
Score

10^/10

mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1