mirai | b9d92f637996e981006173eb207734301ff69ded8f9c2a7f0c9b6d5fcc9063a2 | Triage

Submit
Reports

Overview

overview

Static

static

7

8e09ce63b9...62b24c

debian-9-armhf

Sharing

General

Target

8e09ce63b913be6f161f94738d62b24c
Size

31KB
Sample

240212-wt6y9ace37
MD5

8e09ce63b913be6f161f94738d62b24c
SHA1

a81171394b9e1a837463e91e207ce955cbf2a87f
SHA256

b9d92f637996e981006173eb207734301ff69ded8f9c2a7f0c9b6d5fcc9063a2
SHA512

526197e30fcb5e56066381c6d13566b632cb1c9470000cb0b558b0141f3171fcc11f6144744546a040c6f214012ababb4f2a62371e9818b1b3d141dad5a9b543
SSDEEP

768:Czc5814KRScHTqA4kOp2OITxWr/t9IGr7rs3UozL:4NRScHN+PHr7WzL

Score

10^/10

mirai mirai botnet discovery evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8e09ce63b913be6f161f94738d62b24c

Resource

debian9-armhf-20231215-en

mirai mirai botnet discovery evasion

debian-9-armhf

10 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  8e09ce63b913be6f161f94738d62b24c
- Size
  
  31KB
- MD5
  
  8e09ce63b913be6f161f94738d62b24c
- SHA1
  
  a81171394b9e1a837463e91e207ce955cbf2a87f
- SHA256
  
  b9d92f637996e981006173eb207734301ff69ded8f9c2a7f0c9b6d5fcc9063a2
- SHA512
  
  526197e30fcb5e56066381c6d13566b632cb1c9470000cb0b558b0141f3171fcc11f6144744546a040c6f214012ababb4f2a62371e9818b1b3d141dad5a9b543
- SSDEEP
  
  768:Czc5814KRScHTqA4kOp2OITxWr/t9IGr7rs3UozL:4NRScHN+PHr7WzL
Score

10^/10

mirai mirai botnet discovery evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (62430) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Deletes log files
  Deletes log files on the system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetdiscoveryevasion

© 2018-2024

Terms | Privacy