mirai | f9a77f4ba5cb72e15dfafd79512f3381ec8263fce13db3282757b8268a1f07a7 | Triage

Sharing

General

Target

f9a77f4ba5cb72e15dfafd79512f3381ec8263fce13db3282757b8268a1f07a7_JC.elf
Size

62KB
Sample

230930-vb8jpafe44
MD5

302b7c8826a8618dbdcb21808a27bcbd
SHA1

7cf4f2c267723e914c4995082e2b26217f727483
SHA256

f9a77f4ba5cb72e15dfafd79512f3381ec8263fce13db3282757b8268a1f07a7
SHA512

718dacc041f3a68f6eacd5ae8dd6359b5deb1cc64a3198bbe6a104fc5d89bc878b1584cf72780c4f6dd4c90f0a246c6e8f64477d741622e1892a35884ac930c3
SSDEEP

768:WUN/0NcbOLJTPzms4AkD0NBzSVyKUUBqBNazDmzejsC1qFiY9YqY9YEY3YhYHcWF:W3ECzYD03zSQ7GMGWHDDIeXvfYQSK

Score

10^/10

mirai discovery

Malware Config

Targets

- Target
  
  f9a77f4ba5cb72e15dfafd79512f3381ec8263fce13db3282757b8268a1f07a7_JC.elf
- Size
  
  62KB
- MD5
  
  302b7c8826a8618dbdcb21808a27bcbd
- SHA1
  
  7cf4f2c267723e914c4995082e2b26217f727483
- SHA256
  
  f9a77f4ba5cb72e15dfafd79512f3381ec8263fce13db3282757b8268a1f07a7
- SHA512
  
  718dacc041f3a68f6eacd5ae8dd6359b5deb1cc64a3198bbe6a104fc5d89bc878b1584cf72780c4f6dd4c90f0a246c6e8f64477d741622e1892a35884ac930c3
- SSDEEP
  
  768:WUN/0NcbOLJTPzms4AkD0NBzSVyKUUBqBNazDmzejsC1qFiY9YqY9YEY3YhYHcWF:W3ECzYD03zSQ7GMGWHDDIeXvfYQSK
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1