mirai | b4bce2467d82b1cbe7ca711344503ad72bb8703bf4e7d1b483c152dbe62064ac | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

d8dacd3921...8c.elf

debian-9-mips

Sharing

General

Target

7557f4107ed3ed4e291577fdbf82dea5.bin
Size

30KB
Sample

240108-dq4evaabhk
MD5

e1d710b4049b6b6dc6364c2e00e3fb64
SHA1

2d9a23590031a5b90863183271e680c47bb62acb
SHA256

b4bce2467d82b1cbe7ca711344503ad72bb8703bf4e7d1b483c152dbe62064ac
SHA512

6431ab3d2f72f570b19073d8371265e0712cc9cfc2f0074f1c5e0348180425d2785ea0f9e151f1b3f5e4e332c8db666d8838056edb99448b50fb5dce103cfb90
SSDEEP

768:C4xKBmJaTlGsr5F0gdWp3uw3TljpP+7qxa4VnZk3SDfVD/1:C4xKHlGEcHew3TldP+QNdZk3UfVL1

Score

10^/10

mirai mirai botnet discovery evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d8dacd3921a016ab597a8ffcf0aaa9496b3aef0c6b8c089511a37ffc34d1518c.elf

Resource

debian9-mipsbe-20231221-en

mirai mirai botnet discovery evasion

debian-9-mips

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  d8dacd3921a016ab597a8ffcf0aaa9496b3aef0c6b8c089511a37ffc34d1518c.elf
- Size
  
  31KB
- MD5
  
  7557f4107ed3ed4e291577fdbf82dea5
- SHA1
  
  cdd7a2d038a0eec2549ae1436ed0773d80a8f4db
- SHA256
  
  d8dacd3921a016ab597a8ffcf0aaa9496b3aef0c6b8c089511a37ffc34d1518c
- SHA512
  
  f09993e9c73c93187e2fc49ad4c2acc53445f2ffee0a6a6e4178272bc287e6764dbfb09b7d835d0ced91a5d65185c0ed861c2666f7b99899f27e0f3706087c3f
- SSDEEP
  
  768:VO1s9gKZjYfvymcPuf3NMGq9oVNDEGCFnuwdl8FJkaVJgGlzDpbuR1JC:Ss5mraoLC/dl8FJxVJuc
Score

10^/10

mirai mirai botnet discovery evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (70109) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Deletes log files
  Deletes log files on the system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetdiscoveryevasion

© 2018-2025

Terms | Privacy