mirai | 25bb0a644e2569c442f63bd4abe43c287168aa88672944e4489dbd8fdb04df5e | Triage

Sharing

General

Target

2aa6a44fedd14122e8bdfc0be5a5b7b7.elf
Size

135KB
Sample

240221-lz3tnsdh2y
MD5

2aa6a44fedd14122e8bdfc0be5a5b7b7
SHA1

787656cf627d5914351ec2754072399316fa944d
SHA256

25bb0a644e2569c442f63bd4abe43c287168aa88672944e4489dbd8fdb04df5e
SHA512

c1f9fdc2503f34f47064a519b2afa98b1bd92bba5bd1bfffe956ca999c49b1b21b4de0aed61f64dfb9f649b2d4de6f991b0314bf2dde8563fe87c9baeb583592
SSDEEP

3072:L2QUSgprrH1QaRgFxwSYDbY2ENEwDkudlmM/9Bj/:CQUJVQaRgFxwXXYkIkudQM/9Bj/

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  2aa6a44fedd14122e8bdfc0be5a5b7b7.elf
- Size
  
  135KB
- MD5
  
  2aa6a44fedd14122e8bdfc0be5a5b7b7
- SHA1
  
  787656cf627d5914351ec2754072399316fa944d
- SHA256
  
  25bb0a644e2569c442f63bd4abe43c287168aa88672944e4489dbd8fdb04df5e
- SHA512
  
  c1f9fdc2503f34f47064a519b2afa98b1bd92bba5bd1bfffe956ca999c49b1b21b4de0aed61f64dfb9f649b2d4de6f991b0314bf2dde8563fe87c9baeb583592
- SSDEEP
  
  3072:L2QUSgprrH1QaRgFxwSYDbY2ENEwDkudlmM/9Bj/:CQUJVQaRgFxwXXYkIkudQM/9Bj/
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1