mirai | 301fabc381411225889f33942e46ac0b70c3c9f37bfe9108271d2614deca3938 | Triage

Sharing

General

Target

78f2363bef1d7ad993b403fbebab2aa0.elf
Size

128KB
Sample

230619-j9kdzacf28
MD5

78f2363bef1d7ad993b403fbebab2aa0
SHA1

da6c73887d88b8b4b79359172c4cff3ac9566e6c
SHA256

301fabc381411225889f33942e46ac0b70c3c9f37bfe9108271d2614deca3938
SHA512

9c630e872f903f0fa4cb3b54e805d1fc039d9e6b64bada2e26dfbcb68d2e18423ebb3771e094d13f2ecb9a346a87894a8ea15dffab5783fc46956609532dabc0
SSDEEP

3072:5MHPp2YD4jM82uSHfFBIFKFbwegZS9j6RM/96mywPoIlq:5MHPp2tjkuSHfFBMKO5S98M/96mywPo1

Score

10^/10

mirai condi discovery

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

cnc.nullz.tk

report.nullz.tk

Targets

- Target
  
  78f2363bef1d7ad993b403fbebab2aa0.elf
- Size
  
  128KB
- MD5
  
  78f2363bef1d7ad993b403fbebab2aa0
- SHA1
  
  da6c73887d88b8b4b79359172c4cff3ac9566e6c
- SHA256
  
  301fabc381411225889f33942e46ac0b70c3c9f37bfe9108271d2614deca3938
- SHA512
  
  9c630e872f903f0fa4cb3b54e805d1fc039d9e6b64bada2e26dfbcb68d2e18423ebb3771e094d13f2ecb9a346a87894a8ea15dffab5783fc46956609532dabc0
- SSDEEP
  
  3072:5MHPp2YD4jM82uSHfFBIFKFbwegZS9j6RM/96mywPoIlq:5MHPp2tjkuSHfFBMKO5S98M/96mywPo1
Score

9^/10

discovery
- Contacts a large (49511) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1