mirai | 2a2ab4fdea61753e71c2af4a7dec171fc6606f051febfc6574459922f0683f68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a2ab4fdea61753e71c2af4a7dec171fc6606f051febfc6574459922f0683f68.elf
Size

69KB
Sample

240310-cj7m9aaa5t
MD5

97f36910e1c3b90a69d4e9da7b3d45e2
SHA1

d845d218073f2efabf1fe3150ac88c4cd052083e
SHA256

2a2ab4fdea61753e71c2af4a7dec171fc6606f051febfc6574459922f0683f68
SHA512

805cc67e3a792833d0423daca852b3d9722505cd2048a3963a4bbb2a18e82393bdbab0a7248d6aa08647045d3d328345f8424d5491f934517dfc49e3ee78f324
SSDEEP

768:CDScD5GY2naf8i2Sxt9yYExR1QIT45fTemle5Re5brvuX5XiANe1j9xE:CDSC5G9afb249FKn4pfl8RWb7Sq1

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  2a2ab4fdea61753e71c2af4a7dec171fc6606f051febfc6574459922f0683f68.elf
- Size
  
  69KB
- MD5
  
  97f36910e1c3b90a69d4e9da7b3d45e2
- SHA1
  
  d845d218073f2efabf1fe3150ac88c4cd052083e
- SHA256
  
  2a2ab4fdea61753e71c2af4a7dec171fc6606f051febfc6574459922f0683f68
- SHA512
  
  805cc67e3a792833d0423daca852b3d9722505cd2048a3963a4bbb2a18e82393bdbab0a7248d6aa08647045d3d328345f8424d5491f934517dfc49e3ee78f324
- SSDEEP
  
  768:CDScD5GY2naf8i2Sxt9yYExR1QIT45fTemle5Re5brvuX5XiANe1j9xE:CDSC5G9afb249FKn4pfl8RWb7Sq1
Score

7^/10
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1