General

  • Target

    cf4261cce32c80773e92315fc754eaa1.bin

  • Size

    34KB

  • Sample

    230724-c7grqshf78

  • MD5

    d38ae51aa8d501be02b249e6f0dd6e12

  • SHA1

    8d903a4c61bed8e926036cff72cd6d34d70b55a1

  • SHA256

    7621d1608c7e155bfd23dec8b8adf710ce30d0304e1e0a3c2240b6338ac098fe

  • SHA512

    3297186329f2bb3c9697cc0f575ee876200ccdb7dd386003fac19ecd44dc4d39c68ea6d963005e08e0e49476efbe5e7dfdce69cc2079e368472a9900b3516793

  • SSDEEP

    768:MWJDtEW5OZc7Cl1cp3QMPdR0Sfbqam0yPQBBatyvFoY4:PtXILl1/MrZNBaYdoY4

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

cnc.powerfull-skid.com

Targets

    • Target

      c668ac6a5d75b41a3d9b3f0d23290fe9c41690043fa3cd533ee1c44b30c250c8.elf

    • Size

      73KB

    • MD5

      cf4261cce32c80773e92315fc754eaa1

    • SHA1

      ab0f31a66c0da8500e3e5a47aff9ff0291c79c6e

    • SHA256

      c668ac6a5d75b41a3d9b3f0d23290fe9c41690043fa3cd533ee1c44b30c250c8

    • SHA512

      b9b29941a5cbe1a906191053c8e9e0b20f6b292462b2f511f29cf5b2fc5a033d77e86c58ecf30b448c8289ec71b360aceb1a0efe9f638649dd76b1d6651b329d

    • SSDEEP

      1536:adObTH6V6vLoPzIgmRRG3daxhMpWhADv5o4W2UEGGFtRrbaiFhnh9lqP:xHyCLo7I/7G3WhMpWhAr5oMvVbFhnh94

    Score
    9/10
    • Contacts a large (113613) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
