Overview

overview

10

Static

static

10

387c617d57...de9b7f

debian-9-armhf

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    387c617d575a85d4a5846afa2bde9b7f

  • Size

    130KB

  • Sample

    231219-2xt2rafgbn

  • MD5

    387c617d575a85d4a5846afa2bde9b7f

  • SHA1

    4354dd8123abdd4bf9792d5025bac4743e5af24b

  • SHA256

    be4eb1815aa757b3894ae478a8bd60fd125d4b553077c11ffd23f9e7babd7a7c

  • SHA512

    1626a0f7f7a923832f0efe0055f3bd05c758da6188fcc05c3bd54e13d57863d209d7c94b90a8508c528dfef240b4d13f596fe697c10296a54030681d4932b61a

  • SSDEEP

    3072:iGRzaGhMNs5ausL0f2YNIy3+tuCf+iCgtM/9HO+:iGRzZMq5ausL0f2kI7Hf+iCGM/9HO+

Score
10/10
miraibotdiscovery

Malware Config

Extracted

Family

mirai

Botnet

BOT

Targets

    • Target

      387c617d575a85d4a5846afa2bde9b7f

    • Size

      130KB

    • MD5

      387c617d575a85d4a5846afa2bde9b7f

    • SHA1

      4354dd8123abdd4bf9792d5025bac4743e5af24b

    • SHA256

      be4eb1815aa757b3894ae478a8bd60fd125d4b553077c11ffd23f9e7babd7a7c

    • SHA512

      1626a0f7f7a923832f0efe0055f3bd05c758da6188fcc05c3bd54e13d57863d209d7c94b90a8508c528dfef240b4d13f596fe697c10296a54030681d4932b61a

    • SSDEEP

      3072:iGRzaGhMNs5ausL0f2YNIy3+tuCf+iCgtM/9HO+:iGRzZMq5ausL0f2kI7Hf+iCGM/9HO+

    Score
    9/10
    discovery

    • Contacts a large (53614) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Network Service Discovery

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks