mirai | 2345af96ca96d455c6ef9477297a0f47f8b16bc4f5d2a8b890468a1531e18121 | Triage

Submit
Reports

Overview

overview

Static

static

7

d11d572a14...d7.elf

debian-9-mips

Sharing

General

Target

687be0db64e721cafa547f1717c5e7d1.bin
Size

30KB
Sample

230531-bsxnzacc93
MD5

260859c2be8bbefaeb73f21e5c12b7bf
SHA1

716e511797813c284230a04ebe54ea3a6c693db4
SHA256

2345af96ca96d455c6ef9477297a0f47f8b16bc4f5d2a8b890468a1531e18121
SHA512

e4717b2d7bd4c73c9f7fd667539866650780900a7672e51ccdd21773b919d761b79f41b7e16ba2cedeae2891e7d911a4db2d5574054d484aff109710c899fee7
SSDEEP

384:jUwdrBQ10F0fDvs8/PFkoN5dJtsC07f9rfP4pOg9XzMzaFtJpt4fBzeYhlLahI9S:jxrU/j2H4pOaMzanJpifphhohInpAQ3q

Score

10^/10

mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d11d572a1404d32ffc062ad741c29588ccd4af2da03aafa8081d059119e2bfd7.elf

Resource

debian9-mipsbe-20221111-en

mirai botnet discovery

debian-9-mips

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d11d572a1404d32ffc062ad741c29588ccd4af2da03aafa8081d059119e2bfd7.elf
- Size
  
  31KB
- MD5
  
  687be0db64e721cafa547f1717c5e7d1
- SHA1
  
  c817451dc6d72adfe602330fa333058db45d7963
- SHA256
  
  d11d572a1404d32ffc062ad741c29588ccd4af2da03aafa8081d059119e2bfd7
- SHA512
  
  f1504959e986f1b751776a81115fb214788b673b4bb9d4f80cb6826795a43e3077df74e1404dc85e16725b8fc17fe50856b25b5d887bd3718304edd23de748d5
- SSDEEP
  
  768:JgmeI3ZV7A/9k9mPf+JOcEXVigSwPPnNOoslXh1YSU6DCJgGlzDpUYsyU:Jn3H0/W90fMFai+k/VGVqYZU
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (167468) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

© 2018-2024

Terms | Privacy