Overview

overview

10

Static

static

10

0361a1a77c...e5.elf

ubuntu-18.04-amd64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9065978aa0252f7e70aaecd616602d12.bin

  • Size

    27KB

  • Sample

    230825-b24tmsab3w

  • MD5

    db958a9bb4cc9f4045db93ceb724c942

  • SHA1

    4b1b4528d6d9ffdf1b07615dc0a527b24762cda4

  • SHA256

    848af283e01bb40a038c014694fd22628a5ca0ac96ff8dd1a7e4bf1281011558

  • SHA512

    8ae17287e33a53a3ff167403e638beb32bbd56c013c1d0d6756283e3efb11dbf0fb7845c2e5f6ae7cc8e0ba3ffe3b76f8d87050245280eb6b43356b1c1e1e291

  • SSDEEP

    768:DAPbyt+/zhgyHkT/lN4ISP+n1J/XIyOc3ZX0B1HxxY:DAPbyt+/lNEL4kfJOc10B3xY

Score
10/10
miraicondidiscoverylinux

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

cnc.condinet.cf

report.condinet.cf

Targets

    • Target

      0361a1a77cef36cea5fee27905b39ceeac0ec0812c8eb36f9a6771ced6aad7e5.elf

    • Size

      50KB

    • MD5

      9065978aa0252f7e70aaecd616602d12

    • SHA1

      e11a21dff0e6332fcde2303d8d98b835e2b79ea9

    • SHA256

      0361a1a77cef36cea5fee27905b39ceeac0ec0812c8eb36f9a6771ced6aad7e5

    • SHA512

      35b375ba43b81cdda9a319bfa4653a3f239f22caf61f309b7e15dbb4e144bf3296abaf848610c38e4dee65c055f6f71d3b1852a6218f1e63c1040f382ef1af12

    • SSDEEP

      768:ytYRSjaQ9DaZ/oJNExakbMqu8iMlkvKy+h9lCTm/4RsvKQLDJIgMjz:WYRSjaCu1wNPElly+hPCq/4G3LNIgMv

    Score
    9/10
    discovery

    • Contacts a large (57190) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Network Service Discovery

2
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks