mirai | ddb27286ef835c7995594cbfc9a4d0843887c80627f890494394e797b1faed95 | Triage

Sharing

General

Target

jew.x86.elf
Size

53KB
Sample

230806-a6zj2sgg4y
MD5

74a3c7ef9b2ad328a28944c63f083847
SHA1

cb911f32c7b691067830044a23e7144f88cc0c81
SHA256

ddb27286ef835c7995594cbfc9a4d0843887c80627f890494394e797b1faed95
SHA512

919f1cab198dcbe7c8d420448915b3f2cb1ff334d7fa1d842527c7a5b775a4ede1cd87285633086a2d5e3f9b8472aca1cf8251e448c42bed590a6f4c5593c566
SSDEEP

1536:BAmkKnnAvjccy7ZeDm4EJd+67ZkC2BjWxrXdJKQDf1:ORKnAvjcV7ZIEJdxZkC2tirN3b

Score

10^/10

mirai kurc discovery linux

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.x86.elf
- Size
  
  53KB
- MD5
  
  74a3c7ef9b2ad328a28944c63f083847
- SHA1
  
  cb911f32c7b691067830044a23e7144f88cc0c81
- SHA256
  
  ddb27286ef835c7995594cbfc9a4d0843887c80627f890494394e797b1faed95
- SHA512
  
  919f1cab198dcbe7c8d420448915b3f2cb1ff334d7fa1d842527c7a5b775a4ede1cd87285633086a2d5e3f9b8472aca1cf8251e448c42bed590a6f4c5593c566
- SSDEEP
  
  1536:BAmkKnnAvjccy7ZeDm4EJd+67ZkC2BjWxrXdJKQDf1:ORKnAvjcV7ZIEJdxZkC2tirN3b
Score

9^/10

discovery
- Contacts a large (118658) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1