mirai | 2afe3f14f806f1b435e2c7c0e82e7e709c8abc4db41b92dddac0fd5df7accb7f | Triage

Submit
Reports

Overview

overview

Static

static

7

c1781b6440...6f.elf

debian-9-armhf

Sharing

General

Target

c1781b6440c32c3cd3b5af772eae3b6f.elf
Size

56KB
Sample

230529-yzdwrsdg6y
MD5

c1781b6440c32c3cd3b5af772eae3b6f
SHA1

f32bb16ada1982fd1b2957687b325c0e654f8749
SHA256

2afe3f14f806f1b435e2c7c0e82e7e709c8abc4db41b92dddac0fd5df7accb7f
SHA512

788ef2c2168cbd772db483855cf3a8aac796af14715f359dc8738bd14179a3bf9e09e15b8d8e625f2dd88a6d85b18209b274567db5c4054e4d9bd3704aad4c5e
SSDEEP

1536:mmRRqYI3gyfg/cTfAfVIYftVufrX51x7kDEc3Slge3:mmTLyI/cTfAfmdhc3Pe

Score

10^/10

mirai unstable botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c1781b6440c32c3cd3b5af772eae3b6f.elf

Resource

debian9-armhf-en-20211208

mirai unstable botnet discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  c1781b6440c32c3cd3b5af772eae3b6f.elf
- Size
  
  56KB
- MD5
  
  c1781b6440c32c3cd3b5af772eae3b6f
- SHA1
  
  f32bb16ada1982fd1b2957687b325c0e654f8749
- SHA256
  
  2afe3f14f806f1b435e2c7c0e82e7e709c8abc4db41b92dddac0fd5df7accb7f
- SHA512
  
  788ef2c2168cbd772db483855cf3a8aac796af14715f359dc8738bd14179a3bf9e09e15b8d8e625f2dd88a6d85b18209b274567db5c4054e4d9bd3704aad4c5e
- SSDEEP
  
  1536:mmRRqYI3gyfg/cTfAfVIYftVufrX51x7kDEc3Slge3:mmTLyI/cTfAfmdhc3Pe
Score

10^/10

mirai unstable botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (157694) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdiscovery

© 2018-2024

Terms | Privacy