mirai | 3ceca27983222930da2fe97dc30c3b674dbfd72b8905d29602c1444b9bea6f2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ceca27983222930da2fe97dc30c3b674dbfd72b8905d29602c1444b9bea6f2f.elf
Size

61KB
Sample

240212-cqqcjsfh6y
MD5

bb5ee5a08c2d74aa55a76a52a0e2af68
SHA1

e0f35f0bbcc520afc6ec970afc55ae387c358107
SHA256

3ceca27983222930da2fe97dc30c3b674dbfd72b8905d29602c1444b9bea6f2f
SHA512

37df7d8cd0d455ffed2e77fdf14a055ff172a1a3da06728f464686fc1ff8045058ba746e87e6fbfc977b5186a6133bb0f3c93c5bafc9f7f40588a4ad1a950c94
SSDEEP

1536:Ji6BIgV5FHFC8uguvTjWVWYedCNt8wyywwT1Z6SY:Ji6205FHrMvTAW0j8byZRZ8

Score

10^/10

mirai botnet discovery linux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

194.169.175.3

Targets

- Target
  
  3ceca27983222930da2fe97dc30c3b674dbfd72b8905d29602c1444b9bea6f2f.elf
- Size
  
  61KB
- MD5
  
  bb5ee5a08c2d74aa55a76a52a0e2af68
- SHA1
  
  e0f35f0bbcc520afc6ec970afc55ae387c358107
- SHA256
  
  3ceca27983222930da2fe97dc30c3b674dbfd72b8905d29602c1444b9bea6f2f
- SHA512
  
  37df7d8cd0d455ffed2e77fdf14a055ff172a1a3da06728f464686fc1ff8045058ba746e87e6fbfc977b5186a6133bb0f3c93c5bafc9f7f40588a4ad1a950c94
- SSDEEP
  
  1536:Ji6BIgV5FHFC8uguvTjWVWYedCNt8wyywwT1Z6SY:Ji6205FHrMvTAW0j8byZRZ8
Score

9^/10

discovery
- Contacts a large (76258) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1