mirai | d56b01cd17ce33041c6c8580a21142959b96cd15e2d669ed683701a602320d24 | Triage

Sharing

General

Target

TRC.x86.elf
Size

42KB
Sample

230529-xn7h9sde5w
MD5

828c98f8badbc454e23fda1452d059fb
SHA1

2e4a85164d0feec38248cc7857d9de7026393023
SHA256

d56b01cd17ce33041c6c8580a21142959b96cd15e2d669ed683701a602320d24
SHA512

3687e0f6213d910a6bc14b9f53be4ade8a27a62d3958bb2c6cf800b2daedfd10dc7f7a26dc6b09fd3a8c1b35453086cb4922a05bfa8c31a10ff1d6614b4dc9e7
SSDEEP

768:AdjgKRk+hJeQby4WIY/WXoKmY3Mgi+XxGU/ObPqgFD+EeoV:Ad0KRk+hJeQby4WIY/+o1Y3MgiEs/7qN

Score

10^/10

mirai owari linux

Malware Config

Extracted

Family

mirai

Botnet

OWARI

Targets

- Target
  
  TRC.x86.elf
- Size
  
  42KB
- MD5
  
  828c98f8badbc454e23fda1452d059fb
- SHA1
  
  2e4a85164d0feec38248cc7857d9de7026393023
- SHA256
  
  d56b01cd17ce33041c6c8580a21142959b96cd15e2d669ed683701a602320d24
- SHA512
  
  3687e0f6213d910a6bc14b9f53be4ade8a27a62d3958bb2c6cf800b2daedfd10dc7f7a26dc6b09fd3a8c1b35453086cb4922a05bfa8c31a10ff1d6614b4dc9e7
- SSDEEP
  
  768:AdjgKRk+hJeQby4WIY/WXoKmY3Mgi+XxGU/ObPqgFD+EeoV:Ad0KRk+hJeQby4WIY/+o1Y3MgiEs/7qN
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1