mirai | 33b29d6f086de198232ab22182f39592c96b53f741b1694d7dbd3cb4952a3a69 | Triage

Submit
Reports

Overview

overview

Static

static

7

a84de46a57...68.elf

debian-9-mipsel

Sharing

General

Target

7a9087623c239af857f69cf79fe8b3a7.bin
Size

34KB
Sample

230602-cdys6ahg6x
MD5

9f88bc570dcece140e93080d405f19a6
SHA1

eefd8400c645f6e823408db9927463b5fb356b14
SHA256

33b29d6f086de198232ab22182f39592c96b53f741b1694d7dbd3cb4952a3a69
SHA512

d3899a303dbfebe65bbe8289222baacd576d9b6f53ed2de1bf25f0a771d805667f164870a1412646e56ddc3bea45dca46e0588004f32960465f134c0fa457a83
SSDEEP

768:QX6rqGWahlwXvIVuury9EwU5809ZET4JacHf/9wcOHFsCV:QKK8UkFeOVO4JDHn95O3

Score

10^/10

mirai unstable botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a84de46a574ff256be2b974a1243536c34d183198973a89ae9faa6a7fb0de768.elf

Resource

debian9-mipsel-en-20211208

mirai unstable botnet discovery

debian-9-mipsel

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  a84de46a574ff256be2b974a1243536c34d183198973a89ae9faa6a7fb0de768.elf
- Size
  
  35KB
- MD5
  
  7a9087623c239af857f69cf79fe8b3a7
- SHA1
  
  72a74212fb7697bf350ee8923a7dfcab467e7dae
- SHA256
  
  a84de46a574ff256be2b974a1243536c34d183198973a89ae9faa6a7fb0de768
- SHA512
  
  ea564839fb452ddf0df9c0af31ac5c849252d5fabbc4389257ccfb59bd26b987df7a00e884e6a79ed5bc8085d1e880f430a7f3ca42996dfbc43fdd2e0950eb3c
- SSDEEP
  
  768:mE1T2TphOV0R3IE/XZ3nfjysjkry2/rjJ1xmXWMW:mMn097B3fF2TjJ1xm+
Score

10^/10

mirai unstable botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (196565) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdiscovery

© 2018-2024

Terms | Privacy