mirai | 6d90204a61664400748f7eacc74b6e98ceee8211ca563989e0ec1e889885ce13 | Triage

Sharing

General

Target

botx.arm7.elf
Size

128KB
Sample

230808-db6awsbg6x
MD5

83ec7db07d15829b11b321032e5efc69
SHA1

929e564986e2bb2304d6bc786b6f980f60d1fad3
SHA256

6d90204a61664400748f7eacc74b6e98ceee8211ca563989e0ec1e889885ce13
SHA512

6ab7377cf1188ddac1f37ad34f9121fb763a41a444a9dbb1e5d6a6afc09fefa7a8a0626f61fd9f0f60d8788422d36df16ddae35264c5e76024fe611ddd27d6c3
SSDEEP

3072:FMHPp2YH4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2ZjxCSHfFBzK+XS98M/9OmywPo1

Score

10^/10

mirai condi discovery

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

cnc.condinet.cf

report.condinet.cf

Targets

- Target
  
  botx.arm7.elf
- Size
  
  128KB
- MD5
  
  83ec7db07d15829b11b321032e5efc69
- SHA1
  
  929e564986e2bb2304d6bc786b6f980f60d1fad3
- SHA256
  
  6d90204a61664400748f7eacc74b6e98ceee8211ca563989e0ec1e889885ce13
- SHA512
  
  6ab7377cf1188ddac1f37ad34f9121fb763a41a444a9dbb1e5d6a6afc09fefa7a8a0626f61fd9f0f60d8788422d36df16ddae35264c5e76024fe611ddd27d6c3
- SSDEEP
  
  3072:FMHPp2YH4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2ZjxCSHfFBzK+XS98M/9OmywPo1
Score

9^/10

discovery
- Contacts a large (50272) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1