mirai | 040a656ed2944cca98b21c85f3536a8c55a4f2ddd16fa6ed95a7069d41375e58 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

b8d291edf2...79.elf

debian-9-armhf

9

Sharing

General

Target

ca003adee80a69a3dc3ac0b699b81b7e.bin
Size

31KB
Sample

240220-d8cpvaba48
MD5

bb60c331f003f6cc2b6acda662f2f0dc
SHA1

5a1dc32dc201aa72ba906cc37526f130da628c35
SHA256

040a656ed2944cca98b21c85f3536a8c55a4f2ddd16fa6ed95a7069d41375e58
SHA512

8e8b50d01dbcba260998632b6a3ce004bacadf41985f3cfcb6618bd7933a079f4a81cc2c9675a5e616ff2eadaaf2eb0364f10f94b09da4b5ce6b40b783a268b0
SSDEEP

768:7/lrrUa0v1dK47dCkPyWf9ZrgftiQbg+jmkENZDWB:hX0v1dK47dCkPv9Zcfwgg+jlB

Score

10^/10

mirai unst discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b8d291edf226dc928a9ccef9956832d61a65b6eec346a2be35a9cb7f3ce12379.elf

Resource

debian9-armhf-20231222-en

debian-9-armhf

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

- Target
  
  b8d291edf226dc928a9ccef9956832d61a65b6eec346a2be35a9cb7f3ce12379.elf
- Size
  
  62KB
- MD5
  
  ca003adee80a69a3dc3ac0b699b81b7e
- SHA1
  
  da9a817b3cdf1759510cedf33a65214bba56f590
- SHA256
  
  b8d291edf226dc928a9ccef9956832d61a65b6eec346a2be35a9cb7f3ce12379
- SHA512
  
  1ab719dab038d38fb036137ca640af0a28cd23bfc665ad98c743f2553d5b2049fa87f2f4ae9c82f85ead8471a2f76426e2988888c6d26ff207aeb64f8e982be2
- SSDEEP
  
  768:R3nEczUZzYHTg13Je1t0zYRx0v6zJpbLA57MQHiLwCVy/Jx+5H8hG1rmCd/574yN:ZEFZyTg61tsYJLA54JeZWnxCBf
Score

9^/10

discovery
- Contacts a large (40905) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy