mirai | 108678473c529d1785c5f0ea37a4b466126dc99486bdd88f0924247f4e23e36b | Triage

Sharing

General

Target

shindempsl.elf
Size

42KB
Sample

230710-htnwsahh8s
MD5

47dc17a6e3fbdee136118d046294a2d8
SHA1

d620a50badb18cfc66d9b696ae4f5e036964114d
SHA256

108678473c529d1785c5f0ea37a4b466126dc99486bdd88f0924247f4e23e36b
SHA512

9a0956df41e315e0895d0d0c5017e3116f666c19507481e724112af6363ba369ccbc758c7ca7a14ab546a629224234744b2fa3fb6f92a7e3a9f757cb0b82388c
SSDEEP

768:FfWj7FKoPftaq84kAQ8IOjyjbNaZ+MmWFM8Eg7JzBrofaWMA:NCpKoPFa59a1jyj8yoxLnrofB

Score

10^/10

mirai unstable botnet upx

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  shindempsl.elf
- Size
  
  42KB
- MD5
  
  47dc17a6e3fbdee136118d046294a2d8
- SHA1
  
  d620a50badb18cfc66d9b696ae4f5e036964114d
- SHA256
  
  108678473c529d1785c5f0ea37a4b466126dc99486bdd88f0924247f4e23e36b
- SHA512
  
  9a0956df41e315e0895d0d0c5017e3116f666c19507481e724112af6363ba369ccbc758c7ca7a14ab546a629224234744b2fa3fb6f92a7e3a9f757cb0b82388c
- SSDEEP
  
  768:FfWj7FKoPftaq84kAQ8IOjyjbNaZ+MmWFM8Eg7JzBrofaWMA:NCpKoPFa59a1jyj8yoxLnrofB
Score

10^/10

mirai unstable botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnet