mirai | ff8e80ab6ce3241d81a9cf06a46bf84c2c348361f8881c361536d76ecd23d6ef | Triage

Submit
Reports

Overview

overview

Static

static

7

3a856e6f7f...4d.elf

debian-9-mipsel

Sharing

General

Target

3a856e6f7f1eec8ee604d77b5c76544d.elf
Size

35KB
Sample

230529-yzdwrsdd62
MD5

3a856e6f7f1eec8ee604d77b5c76544d
SHA1

be3e277fe4fa475ab61b46809891ca7595edae68
SHA256

ff8e80ab6ce3241d81a9cf06a46bf84c2c348361f8881c361536d76ecd23d6ef
SHA512

1d5b8b828c835e87e595a0c575b6d67282bad323bce060dc57566e024a09d4140a47dfcb719c5c752a6a31152d96c3c766b24fc98701ddd07cee92b699052d2f
SSDEEP

768:c1kNo4sPpZj92y6UkJ3UJoroVTtGHFoEs4lBWMF:ce24opLIJkEoCoryH

Score

10^/10

mirai unstable botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a856e6f7f1eec8ee604d77b5c76544d.elf

Resource

debian9-mipsel-en-20211208

mirai unstable botnet discovery

debian-9-mipsel

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  3a856e6f7f1eec8ee604d77b5c76544d.elf
- Size
  
  35KB
- MD5
  
  3a856e6f7f1eec8ee604d77b5c76544d
- SHA1
  
  be3e277fe4fa475ab61b46809891ca7595edae68
- SHA256
  
  ff8e80ab6ce3241d81a9cf06a46bf84c2c348361f8881c361536d76ecd23d6ef
- SHA512
  
  1d5b8b828c835e87e595a0c575b6d67282bad323bce060dc57566e024a09d4140a47dfcb719c5c752a6a31152d96c3c766b24fc98701ddd07cee92b699052d2f
- SSDEEP
  
  768:c1kNo4sPpZj92y6UkJ3UJoroVTtGHFoEs4lBWMF:ce24opLIJkEoCoryH
Score

10^/10

mirai unstable botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (228251) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdiscovery

© 2018-2024

Terms | Privacy