mirai | 54be7fe1c0f0d68e84d311c4a32e07029387a28307075849f87918b197f7eab0 | Triage

Sharing

General

Target

orcod.x86.elf
Size

72KB
Sample

230529-sj14gacg8z
MD5

d2e8344f3a4fa5cc6af9e73dacc190d9
SHA1

45f344c21c1afae0aaf5ab043bf12400844bfd2a
SHA256

54be7fe1c0f0d68e84d311c4a32e07029387a28307075849f87918b197f7eab0
SHA512

894cff79312959d1a51534ee27c76d37224ddf7d56ba0e1f298baf464a5c16a26210d50f2b4beb5b5797482ae3e9f414685bedb950fe7ca54179a8ec8c0725be
SSDEEP

1536:R/GfYklyNkSw0FLOsB2kPqaCM6dPrrl4zXU2SUnwh67S:FGAklyNFw0FLOqNPtefl47n5N7S

Score

10^/10

mirai unstable discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

pxp.softdetails.in

Targets

- Target
  
  orcod.x86.elf
- Size
  
  72KB
- MD5
  
  d2e8344f3a4fa5cc6af9e73dacc190d9
- SHA1
  
  45f344c21c1afae0aaf5ab043bf12400844bfd2a
- SHA256
  
  54be7fe1c0f0d68e84d311c4a32e07029387a28307075849f87918b197f7eab0
- SHA512
  
  894cff79312959d1a51534ee27c76d37224ddf7d56ba0e1f298baf464a5c16a26210d50f2b4beb5b5797482ae3e9f414685bedb950fe7ca54179a8ec8c0725be
- SSDEEP
  
  1536:R/GfYklyNkSw0FLOsB2kPqaCM6dPrrl4zXU2SUnwh67S:FGAklyNFw0FLOqNPtefl47n5N7S
Score

9^/10

discovery
- Contacts a large (205712) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1