General

  • Target: mirai.x86.elf
  • Size: 68KB
  • Sample: 230701-yrjgaahe49
  • MD5: 1bb4364e411553ba95f2d32df1759d09
  • SHA1: aa4ebcb5d4f37444def8d4b7547f1765fdea49c7
  • SHA256: 9765b18df48c14e7625ddfe4db477a89cd0975091ca4367ba74d6966ebc01e69
  • SHA512: 96d0752de5dbe3a5b776891f0e883538032e59013e44397814ff48ff5f9d6fd42f068ea00fcbb7bcc5f5b45081e1d5a3d386c66e09729f638cb9261ccf93bb36
  • SSDEEP: 1536:uCaVXjxEZYluXs9xU4l/AAG+TNFKcFnD7Wo8bg9XHqMqZZ5gg7Wg8ggggggggggR:7atjx0YluXs9Jo4TNFFnD7W9bgtKMq

Malware Config

Extracted

  • Family: mirai
  • Botnet: MIRAI
  • C2: hih1i1hi.ddns.net

Targets

    • Target: mirai.x86.elf
    • Size: 68KB
    • MD5: 1bb4364e411553ba95f2d32df1759d09
    • SHA1: aa4ebcb5d4f37444def8d4b7547f1765fdea49c7
    • SHA256: 9765b18df48c14e7625ddfe4db477a89cd0975091ca4367ba74d6966ebc01e69
    • SHA512: 96d0752de5dbe3a5b776891f0e883538032e59013e44397814ff48ff5f9d6fd42f068ea00fcbb7bcc5f5b45081e1d5a3d386c66e09729f638cb9261ccf93bb36
    • SSDEEP: 1536:uCaVXjxEZYluXs9xU4l/AAG+TNFKcFnD7Wo8bg9XHqMqZZ5gg7Wg8ggggggggggR:7atjx0YluXs9Jo4TNFFnD7W9bgtKMq

    Score: 9/10

    • Contacts a large number (6142) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

MITRE ATT&CK Enterprise v6

Tasks