mirai | c27b64277c3d14b4c78f42ca9ee2438b602416f988f06cb1a3e026eab2425ffc | Triage

Submit
Reports

Overview

overview

Static

static

7

abf9f5efe1...3d.elf

ubuntu-18.04-amd64

Sharing

General

Target

abf9f5efe15ff1bb22cd306b4f754a3d.elf
Size

32KB
Sample

240212-ws6bbsah2y
MD5

abf9f5efe15ff1bb22cd306b4f754a3d
SHA1

08d1b90ac0a7e19150d6d17d2caca549e9a2dffe
SHA256

c27b64277c3d14b4c78f42ca9ee2438b602416f988f06cb1a3e026eab2425ffc
SHA512

8020bff874de1b64b85318b4711c5285c0c8e426ef3489088175f4651dfe7ce23515e2d2b34ea3035f73c6b8ea2d8054dadcc03bfeab79ec8eecf7ab070a3255
SSDEEP

768:SWlNj94KDdKjZkfd8FlW94QsY/tHL/cuo9wxhDU3YebfFdmD70K:P3gFkfd8b04pqF4uS3bnIp

Score

10^/10

mirai botnet discovery evasion linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

abf9f5efe15ff1bb22cd306b4f754a3d.elf

Resource

ubuntu1804-amd64-20231222-en

mirai botnet discovery evasion

ubuntu-18.04-amd64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  abf9f5efe15ff1bb22cd306b4f754a3d.elf
- Size
  
  32KB
- MD5
  
  abf9f5efe15ff1bb22cd306b4f754a3d
- SHA1
  
  08d1b90ac0a7e19150d6d17d2caca549e9a2dffe
- SHA256
  
  c27b64277c3d14b4c78f42ca9ee2438b602416f988f06cb1a3e026eab2425ffc
- SHA512
  
  8020bff874de1b64b85318b4711c5285c0c8e426ef3489088175f4651dfe7ce23515e2d2b34ea3035f73c6b8ea2d8054dadcc03bfeab79ec8eecf7ab070a3255
- SSDEEP
  
  768:SWlNj94KDdKjZkfd8FlW94QsY/tHL/cuo9wxhDU3YebfFdmD70K:P3gFkfd8b04pqF4uS3bnIp
Score

10^/10

mirai botnet discovery evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (63969) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdiscoveryevasion

© 2018-2024

Terms | Privacy