mirai | 29071bfcff5714523feffefacfa2a1366d3dbfd217158899c1246dbbe0346a6c | Triage

Submit
Reports

Overview

overview

Static

static

mips.elf

debian-9-mips

9

Sharing

Copy URL Twitter E-mail

General

Target

mips.elf
Size

79KB
Sample

231103-ebmdfsbf5t
MD5

a02222399723652f9dbc18f3c4fe9167
SHA1

fa8eb013ee92fb2b81020dc08155d46599f7ac7d
SHA256

29071bfcff5714523feffefacfa2a1366d3dbfd217158899c1246dbbe0346a6c
SHA512

7a0e8cade2f4de0a5309a394cacf24445d7cc2a5e06e127d07fce08ab56035f39fb4dfac9add4b87ce8bf286a55df744934581bef3587dff1e3e0367a0fe41b0
SSDEEP

1536:esBXDnOdlCiQd1JW2kx6zrDV7z0Zw51UiymCBhdUqmo9Iw8PlROlC:ZDnclC5Bd0ZwUiym8Uqm+IwF0

Score

10^/10

mirai botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

mips.elf

Resource

debian9-mipsbe-20231026-en

debian-9-mips

10 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  mips.elf
- Size
  
  79KB
- MD5
  
  a02222399723652f9dbc18f3c4fe9167
- SHA1
  
  fa8eb013ee92fb2b81020dc08155d46599f7ac7d
- SHA256
  
  29071bfcff5714523feffefacfa2a1366d3dbfd217158899c1246dbbe0346a6c
- SHA512
  
  7a0e8cade2f4de0a5309a394cacf24445d7cc2a5e06e127d07fce08ab56035f39fb4dfac9add4b87ce8bf286a55df744934581bef3587dff1e3e0367a0fe41b0
- SSDEEP
  
  1536:esBXDnOdlCiQd1JW2kx6zrDV7z0Zw51UiymCBhdUqmo9Iw8PlROlC:ZDnclC5Bd0ZwUiym8Uqm+IwF0
Score

9^/10

discovery
- Contacts a large (55481) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy