mirai | 3985daafd5b0c8760c87b5257eca8cafb3a9bff9362b26c8e07d69b87c819e70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71da628341c3b0607ebddcf7b6f61cae.elf
Size

156KB
Sample

231010-va4jcage65
MD5

71da628341c3b0607ebddcf7b6f61cae
SHA1

8a045f9fafbd99863b0600e17e577e593e41a614
SHA256

3985daafd5b0c8760c87b5257eca8cafb3a9bff9362b26c8e07d69b87c819e70
SHA512

6b434700acecf08aeb2ab41aa8f1a5133b79e74be1aa1b947138c80e84c9b01211ef58775dc251bbe7f9592c1149f097b52a8493da9ebfdc0d5aefc97c3a962c
SSDEEP

3072:us1DclOPW1KIEkMPMFJQ0O3ZvDYXd3F2nn1ZGTROIzxrzrUZ1ydJZNc:us1DclOPWYHkMPMFJR5HkgRTzxRJZNc

Score

10^/10

mirai unstable discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

mirai.diicot.net

yukiscan.zc.al

Targets

- Target
  
  71da628341c3b0607ebddcf7b6f61cae.elf
- Size
  
  156KB
- MD5
  
  71da628341c3b0607ebddcf7b6f61cae
- SHA1
  
  8a045f9fafbd99863b0600e17e577e593e41a614
- SHA256
  
  3985daafd5b0c8760c87b5257eca8cafb3a9bff9362b26c8e07d69b87c819e70
- SHA512
  
  6b434700acecf08aeb2ab41aa8f1a5133b79e74be1aa1b947138c80e84c9b01211ef58775dc251bbe7f9592c1149f097b52a8493da9ebfdc0d5aefc97c3a962c
- SSDEEP
  
  3072:us1DclOPW1KIEkMPMFJQ0O3ZvDYXd3F2nn1ZGTROIzxrzrUZ1ydJZNc:us1DclOPWYHkMPMFJR5HkgRTzxRJZNc
Score

9^/10

discovery
- Contacts a large (74191) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1