mirai | f42e25efa95e32287a105cd347ab1e34cad59a4ad590b879716f0b05bc29bd0e | Triage

Sharing

General

Target

f42e25efa95e32287a105cd347ab1e34cad59a4ad590b879716f0b05bc29bd0eelf_JC.elf
Size

102KB
Sample

231005-x2sx2aee9x
MD5

51c42b0511c6cd82949ba75f1a1c22ff
SHA1

c2803378e0a31335f9ad87406670664ec7a8c629
SHA256

f42e25efa95e32287a105cd347ab1e34cad59a4ad590b879716f0b05bc29bd0e
SHA512

57c3c1dae0f48c3e09df008c810a0bd57264dcb87d389f5dc0439977930eea33dd45edc27b127e1c1548979333c32229f01b757c7517a976b1d1e570bcfd4411
SSDEEP

1536:g+bdwV84cpZvupc+GM1JdCk7zK/AXWPm4Z2KKLX/m7bNGSgYSSTMacCa:dxwV8npUpkMVCkgSWPmwILPgbNLR79N

Score

10^/10

mirai unstable discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

mirai.diicot.net

yukiscan.zc.al

Targets

- Target
  
  f42e25efa95e32287a105cd347ab1e34cad59a4ad590b879716f0b05bc29bd0eelf_JC.elf
- Size
  
  102KB
- MD5
  
  51c42b0511c6cd82949ba75f1a1c22ff
- SHA1
  
  c2803378e0a31335f9ad87406670664ec7a8c629
- SHA256
  
  f42e25efa95e32287a105cd347ab1e34cad59a4ad590b879716f0b05bc29bd0e
- SHA512
  
  57c3c1dae0f48c3e09df008c810a0bd57264dcb87d389f5dc0439977930eea33dd45edc27b127e1c1548979333c32229f01b757c7517a976b1d1e570bcfd4411
- SSDEEP
  
  1536:g+bdwV84cpZvupc+GM1JdCk7zK/AXWPm4Z2KKLX/m7bNGSgYSSTMacCa:dxwV8npUpkMVCkgSWPmwILPgbNLR79N
Score

9^/10

discovery
- Contacts a large (58333) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1