mirai | 8c8aaca5e8603bb34ff88481ce9525a163c97d0e57a00b04f4b9df35f0bd17f9 | Triage

Sharing

General

Target

f8e9ef154b23893fd8e542c6eeb748a5.elf
Size

78KB
Sample

240104-25n6gaddbr
MD5

f8e9ef154b23893fd8e542c6eeb748a5
SHA1

a8b7d08f9dc6c404ba4e37df30ccad6b8c952659
SHA256

8c8aaca5e8603bb34ff88481ce9525a163c97d0e57a00b04f4b9df35f0bd17f9
SHA512

0bf7f15bf0150d013ac17c2f81424a8057ad72064f6a2ff7275c7377462a4b8362f40bd5510f290a6f40fc9db579cb8f02878638353bad2c3a9b54a7165ecd87
SSDEEP

1536:sOBVZRBDWkMTwc0sq6hPY/Zfldk1o1GC:suVZRBghPY/Eo5

Score

10^/10

mirai mirai discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

cnc.catairlines.net

Targets

- Target
  
  f8e9ef154b23893fd8e542c6eeb748a5.elf
- Size
  
  78KB
- MD5
  
  f8e9ef154b23893fd8e542c6eeb748a5
- SHA1
  
  a8b7d08f9dc6c404ba4e37df30ccad6b8c952659
- SHA256
  
  8c8aaca5e8603bb34ff88481ce9525a163c97d0e57a00b04f4b9df35f0bd17f9
- SHA512
  
  0bf7f15bf0150d013ac17c2f81424a8057ad72064f6a2ff7275c7377462a4b8362f40bd5510f290a6f40fc9db579cb8f02878638353bad2c3a9b54a7165ecd87
- SSDEEP
  
  1536:sOBVZRBDWkMTwc0sq6hPY/Zfldk1o1GC:suVZRBghPY/Eo5
Score

9^/10

discovery
- Contacts a large (72157) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1