General

  • Target

    faaf1c09390b150e61b0438f4aa67e41.bin

  • Size

    58KB

  • Sample

    230825-cev4naab6y

  • MD5

    fd3362659774591744180cc63c094784

  • SHA1

    79905fb2528b3393597ce6397288e395c671e801

  • SHA256

    8acf1aaa4fa1d2a190f0885d1cd73e4361e4be86f2c1dbf59b40de43e652b52d

  • SHA512

    a84874dbb95fad66eda1c3c8822c2e7950d3f97aedbc90e0713c61fc156da41f902eeb825a77a3928348ea0a023eaee71da7cbcdb5579bf404343fa2eddc8f65

  • SSDEEP

    1536:Me2v1uir5AbrZXKMAuZGecUiXgLEyxSRb79E:Mp1uirYZX3VaVgoyx6bpE

Score
10/10

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    CONDI

  • C2

    cnc.condinet.cf

    report.condinet.cf

Targets

    • Target

      2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414.elf

    • Size

      128KB

    • MD5

      faaf1c09390b150e61b0438f4aa67e41

    • SHA1

      907f907bb1d8af5abde0e865634a15dad54a4b64

    • SHA256

      2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414

    • SHA512

      a40497998b610ad58423ec6ff7bb3c090b0ccd097da1ced3f7b84e315a5f22e821d3b76d0a33e61775d232a4dd2e3a59fc3cf6b1738a4d3c084cf9ec6f243352

    • SSDEEP

      3072:FMHPp2YD4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2VjxCSHfFBzK+XS98M/9OmywPo1

    Score
    9/10
    • Contacts a large number (54500) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Hijack Execution Flow (T1574): 1

  • Privilege Escalation

    Hijack Execution Flow (T1574): 1

  • Defense Evasion

    Impair Defenses (T1562): 1

    Hijack Execution Flow (T1574): 1

  • Discovery

    Network Service Discovery (T1046): 2