mirai | c0e125c31b9883cf738858419269387bfadbc533abcdbc4188787c5501d62335 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0e125c31b9883cf738858419269387bfadbc533abcdbc4188787c5501d62335elf.elf
Size

62KB
Sample

240111-wdc18seah4
MD5

5774b98696fdd0c2797a2e7ecfcf722e
SHA1

ee6d7be216da462321bcfd7074acdb548937a02c
SHA256

c0e125c31b9883cf738858419269387bfadbc533abcdbc4188787c5501d62335
SHA512

b7aba6499c42a2d9ab5c05dea1f47b329b0730fc4096017c5c906ded6de2a0710431ab489771c3c25cfe82f750c2706dfd71b46fed65ece1d5c4f645e73589b1
SSDEEP

1536:qyA6nhA0hy8ysIZ9TrNMEUHCQNufU4gVlE+HaxmxNtTonSCs:qy/hA0hy8gZ3ME0NUUNE+aWN6s

Score

10^/10

mirai mirai linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  c0e125c31b9883cf738858419269387bfadbc533abcdbc4188787c5501d62335elf.elf
- Size
  
  62KB
- MD5
  
  5774b98696fdd0c2797a2e7ecfcf722e
- SHA1
  
  ee6d7be216da462321bcfd7074acdb548937a02c
- SHA256
  
  c0e125c31b9883cf738858419269387bfadbc533abcdbc4188787c5501d62335
- SHA512
  
  b7aba6499c42a2d9ab5c05dea1f47b329b0730fc4096017c5c906ded6de2a0710431ab489771c3c25cfe82f750c2706dfd71b46fed65ece1d5c4f645e73589b1
- SSDEEP
  
  1536:qyA6nhA0hy8ysIZ9TrNMEUHCQNufU4gVlE+HaxmxNtTonSCs:qy/hA0hy8gZ3ME0NUUNE+aWN6s
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1