mirai | 258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921 | Triage

Sharing

General

Target

258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
Size

49KB
Sample

240213-cldg7aaf44
MD5

89d3cce7dbc9688305c0b2c5061c5a43
SHA1

576ac3175d85ddb3fceb3fb76fdd89929088d3b3
SHA256

258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921
SHA512

1df216f351fe3cca53718019988af647c690d8c6e057aad9a7f4c0d16ba92ad8378031810a9cebd0c5a47503dded6cfada42a8b54c25b81a647cde54ddcada06
SSDEEP

1536:Y6elVWRLShIvuIHuR86NofaE232Lb4mbAMwLUIgl:qjWBAAHuR86ofaE23bm/4UIgl

Score

10^/10

mirai linux

Malware Config

Targets

- Target
  
  258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
- Size
  
  49KB
- MD5
  
  89d3cce7dbc9688305c0b2c5061c5a43
- SHA1
  
  576ac3175d85ddb3fceb3fb76fdd89929088d3b3
- SHA256
  
  258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921
- SHA512
  
  1df216f351fe3cca53718019988af647c690d8c6e057aad9a7f4c0d16ba92ad8378031810a9cebd0c5a47503dded6cfada42a8b54c25b81a647cde54ddcada06
- SSDEEP
  
  1536:Y6elVWRLShIvuIHuR86NofaE232Lb4mbAMwLUIgl:qjWBAAHuR86ofaE23bm/4UIgl
Score

7^/10
- Changes its process name
- Deletes itself
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1