Overview

overview

10

Static

static

7

28f2d15a7b...8b.elf

debian-9-armhf

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28f2d15a7bae63fdb620eccf7a05f38b.elf

  • Size

    55KB

  • Sample

    230529-ts3t4ada9z

  • MD5

    28f2d15a7bae63fdb620eccf7a05f38b

  • SHA1

    68f89a0704af09b90fa0052a5f4d907fb4d6b18c

  • SHA256

    33a99c61e56fe78994777d4bae62862ec22e2e7e1289c1546913c1cad0728217

  • SHA512

    876a50d5dad4f563549393ffdbe57573b7bf2d303b413ddae4a693891eea3d0764690cb0467130de82a37792fcdd77664a21b749c9ce872d17cc95b276dbb100

  • SSDEEP

    1536:3qdcbpON3LGFXB4Foq3TxuWUPgWvdm6x2CT:3GUziocvUPjPcCT

Score
10/10
miraibotnetdiscoveryupx

Malware Config

Targets

    • Target

      28f2d15a7bae63fdb620eccf7a05f38b.elf

    • Size

      55KB

    • MD5

      28f2d15a7bae63fdb620eccf7a05f38b

    • SHA1

      68f89a0704af09b90fa0052a5f4d907fb4d6b18c

    • SHA256

      33a99c61e56fe78994777d4bae62862ec22e2e7e1289c1546913c1cad0728217

    • SHA512

      876a50d5dad4f563549393ffdbe57573b7bf2d303b413ddae4a693891eea3d0764690cb0467130de82a37792fcdd77664a21b749c9ce872d17cc95b276dbb100

    • SSDEEP

      1536:3qdcbpON3LGFXB4Foq3TxuWUPgWvdm6x2CT:3GUziocvUPjPcCT

    Score
    10/10
    miraibotnetdiscovery

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Contacts a large (178812) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Changes its process name

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Scanning

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks