mirai | d930e03b78f054fcff98330d08d5105dd2b82e4077d3e2320f2407c877ed0777 | Triage

Sharing

General

Target

SecuriteInfo.com.Heur.20230530012700444246915.elf
Size

44KB
Sample

230530-bt375seg5y
MD5

3ee707af6422cd9a2a310f6fda458f6b
SHA1

a255ea6b39906b4c7bf15b1a52fdb43b50615f85
SHA256

d930e03b78f054fcff98330d08d5105dd2b82e4077d3e2320f2407c877ed0777
SHA512

e03d85628ec23454321f817ba3b453ad67da6f68603b7a1b1a9f86783096bcc1d58c68d6add988be145d6cb5b52b3dce1c2cc005c871faa07477630cf32a4ce7
SSDEEP

768:zs14hsFXVIgUksoW+lOqzqoU1PRreX4nblq3UIsVSasAyF/duUM2cZKq2acv:buFFxUhoWUOffPRiIbCsV9sAouUI7+

Score

10^/10

mirai botnet upx

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Heur.20230530012700444246915.elf
- Size
  
  44KB
- MD5
  
  3ee707af6422cd9a2a310f6fda458f6b
- SHA1
  
  a255ea6b39906b4c7bf15b1a52fdb43b50615f85
- SHA256
  
  d930e03b78f054fcff98330d08d5105dd2b82e4077d3e2320f2407c877ed0777
- SHA512
  
  e03d85628ec23454321f817ba3b453ad67da6f68603b7a1b1a9f86783096bcc1d58c68d6add988be145d6cb5b52b3dce1c2cc005c871faa07477630cf32a4ce7
- SSDEEP
  
  768:zs14hsFXVIgUksoW+lOqzqoU1PRreX4nblq3UIsVSasAyF/duUM2cZKq2acv:buFFxUhoWUOffPRiIbCsV9sAouUI7+
Score

10^/10

mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1