mirai | 2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414 | Triage

Sharing

General

Target

botx.arm7.elf
Size

128KB
Sample

230823-tfmx4sdg22
MD5

faaf1c09390b150e61b0438f4aa67e41
SHA1

907f907bb1d8af5abde0e865634a15dad54a4b64
SHA256

2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414
SHA512

a40497998b610ad58423ec6ff7bb3c090b0ccd097da1ced3f7b84e315a5f22e821d3b76d0a33e61775d232a4dd2e3a59fc3cf6b1738a4d3c084cf9ec6f243352
SSDEEP

3072:FMHPp2YD4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2VjxCSHfFBzK+XS98M/9OmywPo1

Score

10^/10

mirai condi discovery

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

cnc.condinet.cf

report.condinet.cf

Targets

- Target
  
  botx.arm7.elf
- Size
  
  128KB
- MD5
  
  faaf1c09390b150e61b0438f4aa67e41
- SHA1
  
  907f907bb1d8af5abde0e865634a15dad54a4b64
- SHA256
  
  2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414
- SHA512
  
  a40497998b610ad58423ec6ff7bb3c090b0ccd097da1ced3f7b84e315a5f22e821d3b76d0a33e61775d232a4dd2e3a59fc3cf6b1738a4d3c084cf9ec6f243352
- SSDEEP
  
  3072:FMHPp2YD4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2VjxCSHfFBzK+XS98M/9OmywPo1
Score

9^/10

discovery
- Contacts a large (46438) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1