mirai | 089bcad9655dc7185070199084fac9faa672d9eb6ee4916e5331a21de973ab34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

089bcad9655dc7185070199084fac9faa672d9eb6ee4916e5331a21de973ab34.elf
Size

66KB
Sample

240213-cswbksbe23
MD5

080c37ae8567c865ebaa49ca8758062a
SHA1

189e1cf7ef22e63cd39d9bf8886838a9c1b8bf50
SHA256

089bcad9655dc7185070199084fac9faa672d9eb6ee4916e5331a21de973ab34
SHA512

f29589f2ead73e43a49dd16141fc52b1449e5c8c14f1e994d92e58f593a70e6f467e14607ecc8536095d553f668969ff5bf1a581744e5b83a0b5cbef50944beb
SSDEEP

768:o/XSf5PSxqHwcVwyIeWQe/cekbGF3iZqTt6jXi/xUrY7W9w8:o/W5PeDRhHQmcRbGFSZqTA4z

Score

10^/10

mirai

Malware Config

Targets

- Target
  
  089bcad9655dc7185070199084fac9faa672d9eb6ee4916e5331a21de973ab34.elf
- Size
  
  66KB
- MD5
  
  080c37ae8567c865ebaa49ca8758062a
- SHA1
  
  189e1cf7ef22e63cd39d9bf8886838a9c1b8bf50
- SHA256
  
  089bcad9655dc7185070199084fac9faa672d9eb6ee4916e5331a21de973ab34
- SHA512
  
  f29589f2ead73e43a49dd16141fc52b1449e5c8c14f1e994d92e58f593a70e6f467e14607ecc8536095d553f668969ff5bf1a581744e5b83a0b5cbef50944beb
- SSDEEP
  
  768:o/XSf5PSxqHwcVwyIeWQe/cekbGF3iZqTt6jXi/xUrY7W9w8:o/W5PeDRhHQmcRbGFSZqTA4z
Score

7^/10
- Changes its process name
- Deletes itself
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1