mirai | 05eca324955430b22f4d899eb9667aafb8acb37d2abd2538db5d36e0a73388bf | Triage

Submit
Reports

Overview

overview

Static

static

7

ff8e80ab6c...ef.elf

debian-9-mipsel

Sharing

General

Target

3a856e6f7f1eec8ee604d77b5c76544d.bin
Size

34KB
Sample

230531-bk51dacc66
MD5

2a3700ac77efa09906468ce1c6d15f53
SHA1

3ea5827b4e54ee7743c698327a467645a9c39d6e
SHA256

05eca324955430b22f4d899eb9667aafb8acb37d2abd2538db5d36e0a73388bf
SHA512

a86ec6c4988ec3c3790cc0cfb799aeed3b2415d892e076daa6ffe077d25b2a2ea3d61e4f75984d01654764a03e0c7765bf100453d248ff9915c8c082d4cbf247
SSDEEP

768:+7FaJtIH/o/S2CMql485wBAz3UnVHX88zP0DK4Tcpf:qaLMwO48/k31kBTc9

Score

10^/10

mirai unstable botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff8e80ab6ce3241d81a9cf06a46bf84c2c348361f8881c361536d76ecd23d6ef.elf

Resource

debian9-mipsel-en-20211208

mirai unstable botnet discovery

debian-9-mipsel

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  ff8e80ab6ce3241d81a9cf06a46bf84c2c348361f8881c361536d76ecd23d6ef.elf
- Size
  
  35KB
- MD5
  
  3a856e6f7f1eec8ee604d77b5c76544d
- SHA1
  
  be3e277fe4fa475ab61b46809891ca7595edae68
- SHA256
  
  ff8e80ab6ce3241d81a9cf06a46bf84c2c348361f8881c361536d76ecd23d6ef
- SHA512
  
  1d5b8b828c835e87e595a0c575b6d67282bad323bce060dc57566e024a09d4140a47dfcb719c5c752a6a31152d96c3c766b24fc98701ddd07cee92b699052d2f
- SSDEEP
  
  768:c1kNo4sPpZj92y6UkJ3UJoroVTtGHFoEs4lBWMF:ce24opLIJkEoCoryH
Score

10^/10

mirai unstable botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (216530) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdiscovery

© 2018-2024

Terms | Privacy