General

  • Target

    arm7.elf

  • Size

    161KB

  • Sample

    230707-nz5z5shg2t

  • MD5

    586492d3cc5cdcd8a88e638a238d34ab

  • SHA1

    e24f0d982215cf619fb1b358dfbce40d9c9d2734

  • SHA256

    7153aef69b8da083c9e42a21d15db573dcf2fbee707bb7dd48876de5edffdce6

  • SHA512

    b0a43868d0dd8ea2228c3ce067a29a98c8d1ec2e4a06b7d7238b26b4430c4ae8e1d5cc231f679043a5edacbd469745ba4a7ced5843103c899efa6be7bfa03170

  • SSDEEP

    3072:dUW6GNytAhMwYh4uaWGLKWdwffuSFYEJPdslWM/9OalM:dDVytXLSuaWGLKWefDDJPds4M/9OalM

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

WICKED

Targets

    • Target

      arm7.elf

    • Size

      161KB

    • MD5

      586492d3cc5cdcd8a88e638a238d34ab

    • SHA1

      e24f0d982215cf619fb1b358dfbce40d9c9d2734

    • SHA256

      7153aef69b8da083c9e42a21d15db573dcf2fbee707bb7dd48876de5edffdce6

    • SHA512

      b0a43868d0dd8ea2228c3ce067a29a98c8d1ec2e4a06b7d7238b26b4430c4ae8e1d5cc231f679043a5edacbd469745ba4a7ced5843103c899efa6be7bfa03170

    • SSDEEP

      3072:dUW6GNytAhMwYh4uaWGLKWdwffuSFYEJPdslWM/9OalM:dDVytXLSuaWGLKWefDDJPds4M/9OalM

    Score
    9/10
    • Contacts a large number (92324) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v6

Tasks