General

  • Target

    f8f15cecf2ae7ec15a917fc3c61dcf52.elf

  • Size

    57KB

  • Sample

    240218-v9zz7sdd58

  • MD5

    f8f15cecf2ae7ec15a917fc3c61dcf52

  • SHA1

    8631eb01f1f44a20e6eb07e9a26df0dd2783b9f1

  • SHA256

    38459bc1225073655613b88f211d187f92fc6b8225fbdf8f5c01579839002b9b

  • SHA512

    ed8d18c03330421c8f67e7b54ec10cb4b5eff34466ed6a915a2d58459bdb5196f8210ebc21fcbb763bf4a074b0b0937b06a86eaa4b33a7c73d1a887f558c9a11

  • SSDEEP

    1536:yP/2+OX+hs4pIq/sxSWk/zvwt33U3zo7:O/2+++BWxSWk/TQ33mE7

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    UNST

Targets

    • Target

      f8f15cecf2ae7ec15a917fc3c61dcf52.elf

    Score
    9/10
    • Contacts a large number (37130) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
