mirai | 9984d4608b9d7c9be913b4df01e6a4ede125be2a45ed8918bba4a82beef43466 | Triage

Submit
Reports

Overview

overview

Static

static

7

2afe3f14f8...7f.elf

debian-9-armhf

Sharing

General

Target

c1781b6440c32c3cd3b5af772eae3b6f.bin
Size

56KB
Sample

230531-b8pnascg8y
MD5

2525c98906133b9237ae85ca15650760
SHA1

891fcfa4ad4db90b05e403d66c5819cf5db1cedb
SHA256

9984d4608b9d7c9be913b4df01e6a4ede125be2a45ed8918bba4a82beef43466
SHA512

0d563eb53c7eb9e30f1e628358778dc3793423e590954f59c47221cd1bfcfd97a7934dca24dccac7ffb142199e680180f89dc7c8e0374b070eea0a30e259678e
SSDEEP

768:yN07Q/QBuqc24i25zM2oUJ4F42S4wdaVI3ycIfkuiV+w9EYFH1UMl4Sj4gHkyb:yW7ZBpGQO/4tS3ycuS+4XZGM2wpEyb

Score

10^/10

mirai unstable botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2afe3f14f806f1b435e2c7c0e82e7e709c8abc4db41b92dddac0fd5df7accb7f.elf

Resource

debian9-armhf-en-20211208

mirai unstable botnet discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  2afe3f14f806f1b435e2c7c0e82e7e709c8abc4db41b92dddac0fd5df7accb7f.elf
- Size
  
  56KB
- MD5
  
  c1781b6440c32c3cd3b5af772eae3b6f
- SHA1
  
  f32bb16ada1982fd1b2957687b325c0e654f8749
- SHA256
  
  2afe3f14f806f1b435e2c7c0e82e7e709c8abc4db41b92dddac0fd5df7accb7f
- SHA512
  
  788ef2c2168cbd772db483855cf3a8aac796af14715f359dc8738bd14179a3bf9e09e15b8d8e625f2dd88a6d85b18209b274567db5c4054e4d9bd3704aad4c5e
- SSDEEP
  
  1536:mmRRqYI3gyfg/cTfAfVIYftVufrX51x7kDEc3Slge3:mmTLyI/cTfAfmdhc3Pe
Score

10^/10

mirai unstable botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (173428) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdiscovery

© 2018-2024

Terms | Privacy