mirai | 8d7fc020f22c5f6a3245ee348bfceed2edf8c50a1294401e3f44e95cac650d65 | Triage

Sharing

General

Target

jklx86.elf
Size

61KB
Sample

230629-3v5k5sge21
MD5

af56a1d9928725bd58f6d5c32d059a89
SHA1

d44f103d1fb3f6f61207a5869f7fc48c2c8aecdd
SHA256

8d7fc020f22c5f6a3245ee348bfceed2edf8c50a1294401e3f44e95cac650d65
SHA512

65bddebbe0ad0c8837bf321fd80aff56ef44273683d96530268147536e8e579ecde03dc7fc4f5abbf83193cd6c6b134ad27b858364a60dda31eb6e538cc2caa2
SSDEEP

1536:MicZnAM0YGK4UV1tRGi7SQ3hfBis61sYou+Vk5Ddsx/Gvd3vvvvvvvvvvvvZYli:Mi0AM0YGK4M0i7r1B/ms+uklE/Gvd3vV

Score

10^/10

mirai botnet discovery linux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  jklx86.elf
- Size
  
  61KB
- MD5
  
  af56a1d9928725bd58f6d5c32d059a89
- SHA1
  
  d44f103d1fb3f6f61207a5869f7fc48c2c8aecdd
- SHA256
  
  8d7fc020f22c5f6a3245ee348bfceed2edf8c50a1294401e3f44e95cac650d65
- SHA512
  
  65bddebbe0ad0c8837bf321fd80aff56ef44273683d96530268147536e8e579ecde03dc7fc4f5abbf83193cd6c6b134ad27b858364a60dda31eb6e538cc2caa2
- SSDEEP
  
  1536:MicZnAM0YGK4UV1tRGi7SQ3hfBis61sYou+Vk5Ddsx/Gvd3vvvvvvvvvvvvZYli:Mi0AM0YGK4M0i7r1B/ms+uklE/Gvd3vV
Score

9^/10

discovery
- Contacts a large (139934) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1