mirai | 50b3f3e3d7b8c64b6fcea2d9abcb2bf79ce73d633d77d967369a38dd787b0e18 | Triage

Sharing

General

Target

kwari.arm7.elf
Size

128KB
Sample

230827-1pxx1add74
MD5

b009dcd1228cd338949555f7a89b44bd
SHA1

ffc0bbb12c86575e1409e8e71060cd31fe00baa7
SHA256

50b3f3e3d7b8c64b6fcea2d9abcb2bf79ce73d633d77d967369a38dd787b0e18
SHA512

89f108eed2a12024fdc4846231a7b3e28d0a803852a7b1ccfcd324b640a8c33d79fc162da118a0c19a9296e8eb0ef273b6e5336838dd98ce008f1be776bf37a1
SSDEEP

3072:Hyb738YOScOHv8BFmeX0ZT8bGSvM/9LI/e:Hy/8YKOHv8BFHX0ibGKM/98/e

Score

10^/10

mirai kaizen discovery

Malware Config

Extracted

Family

mirai

Botnet

KAIZEN

Targets

- Target
  
  kwari.arm7.elf
- Size
  
  128KB
- MD5
  
  b009dcd1228cd338949555f7a89b44bd
- SHA1
  
  ffc0bbb12c86575e1409e8e71060cd31fe00baa7
- SHA256
  
  50b3f3e3d7b8c64b6fcea2d9abcb2bf79ce73d633d77d967369a38dd787b0e18
- SHA512
  
  89f108eed2a12024fdc4846231a7b3e28d0a803852a7b1ccfcd324b640a8c33d79fc162da118a0c19a9296e8eb0ef273b6e5336838dd98ce008f1be776bf37a1
- SSDEEP
  
  3072:Hyb738YOScOHv8BFmeX0ZT8bGSvM/9LI/e:Hy/8YKOHv8BFHX0ibGKM/98/e
Score

9^/10

discovery
- Contacts a large (355149) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1