mirai | 02fbbe2be07977009b820832f285cdbdf2ee5356dfb9849d340623a99c6dbbb0 | Triage

Sharing

General

Target

02fbbe2be07977009b820832f285cdbdf2ee5356dfb9849d340623a99c6dbbb0.elf
Size

66KB
Sample

240213-dgwnmseg58
MD5

79982cc2cf9d89f148b7c1aeb2ca8e96
SHA1

f81dca859e788620037a303bfb30414ab97a897e
SHA256

02fbbe2be07977009b820832f285cdbdf2ee5356dfb9849d340623a99c6dbbb0
SHA512

6567507abef81e418c9c3b43421053dc2801715ab589cb7d27dc57447e3741ef81be5624780b74079ed840006feb5a4cfd8a9bca35e79f439ad1d2ed9b59a384
SSDEEP

768:TVlVF+tKLGNApNpFtFNffS6qNSb3BaD741gP6tGUrQoBacyUBU5wkZL:X6yRNf1KPyFY2Uikx

Score

10^/10

mirai

Malware Config

Targets

- Target
  
  02fbbe2be07977009b820832f285cdbdf2ee5356dfb9849d340623a99c6dbbb0.elf
- Size
  
  66KB
- MD5
  
  79982cc2cf9d89f148b7c1aeb2ca8e96
- SHA1
  
  f81dca859e788620037a303bfb30414ab97a897e
- SHA256
  
  02fbbe2be07977009b820832f285cdbdf2ee5356dfb9849d340623a99c6dbbb0
- SHA512
  
  6567507abef81e418c9c3b43421053dc2801715ab589cb7d27dc57447e3741ef81be5624780b74079ed840006feb5a4cfd8a9bca35e79f439ad1d2ed9b59a384
- SSDEEP
  
  768:TVlVF+tKLGNApNpFtFNffS6qNSb3BaD741gP6tGUrQoBacyUBU5wkZL:X6yRNf1KPyFY2Uikx
Score

7^/10
- Changes its process name
- Deletes itself
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1