mirai | 3c215f919ac496e6c77c740c61a5b85a704285d5d33afa88339d7e931fac217a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42fda82eea4cc4a75ddd3d082d4fc6d2.elf
Size

98KB
Sample

230630-fmznlaha51
MD5

42fda82eea4cc4a75ddd3d082d4fc6d2
SHA1

95df3f93f70c31cbfe724c0bc5e1dc6e4e4515f3
SHA256

3c215f919ac496e6c77c740c61a5b85a704285d5d33afa88339d7e931fac217a
SHA512

d03897df72a6e3eace232bdd336488bc8e926055c938f4630069a5343bcfa4772ec19620e22721c435f7f64a220d434eb64d66de2b457fe5cab1ce1ce8710628
SSDEEP

1536:DxCMvVor8jyV1KkyFamdrSgs49gofPRceAj07jyvBbmJU9iFO:oMjQ1KksRVs4lR+07jyvhmJUkU

Score

10^/10

mirai mirai discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  42fda82eea4cc4a75ddd3d082d4fc6d2.elf
- Size
  
  98KB
- MD5
  
  42fda82eea4cc4a75ddd3d082d4fc6d2
- SHA1
  
  95df3f93f70c31cbfe724c0bc5e1dc6e4e4515f3
- SHA256
  
  3c215f919ac496e6c77c740c61a5b85a704285d5d33afa88339d7e931fac217a
- SHA512
  
  d03897df72a6e3eace232bdd336488bc8e926055c938f4630069a5343bcfa4772ec19620e22721c435f7f64a220d434eb64d66de2b457fe5cab1ce1ce8710628
- SSDEEP
  
  1536:DxCMvVor8jyV1KkyFamdrSgs49gofPRceAj07jyvBbmJU9iFO:oMjQ1KksRVs4lR+07jyvhmJUkU
Score

9^/10

discovery
- Contacts a large (3456) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1