mirai | d4062b2a980e5934919bc4385edeff9b056a9e6afcb4b1204cb59ed85717fe98 | Triage

Sharing

General

Target

823b7a97a1bd003183b786f732a9de33.elf
Size

59KB
Sample

240309-vqvalsdf3v
MD5

823b7a97a1bd003183b786f732a9de33
SHA1

7e36d6294d99c9ec6eaec7a25ce420bab409260b
SHA256

d4062b2a980e5934919bc4385edeff9b056a9e6afcb4b1204cb59ed85717fe98
SHA512

e18dc945d5a3f106a30b9ba6f3737619e67751142aaa674e99f74b98c8d020f6cee52bb9ab9871c8a9a4c4c794bc00bfacbd9336c7e8fe4b666f333e50de44ee
SSDEEP

1536:GmxLM+eDqnWcjv6x7WSkAXrl058rj2yBWat5zrK6xAQ:lxQDqnWcMZqK3TbzG6xX

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  823b7a97a1bd003183b786f732a9de33.elf
- Size
  
  59KB
- MD5
  
  823b7a97a1bd003183b786f732a9de33
- SHA1
  
  7e36d6294d99c9ec6eaec7a25ce420bab409260b
- SHA256
  
  d4062b2a980e5934919bc4385edeff9b056a9e6afcb4b1204cb59ed85717fe98
- SHA512
  
  e18dc945d5a3f106a30b9ba6f3737619e67751142aaa674e99f74b98c8d020f6cee52bb9ab9871c8a9a4c4c794bc00bfacbd9336c7e8fe4b666f333e50de44ee
- SSDEEP
  
  1536:GmxLM+eDqnWcjv6x7WSkAXrl058rj2yBWat5zrK6xAQ:lxQDqnWcMZqK3TbzG6xX
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1