mirai | 8b0773577c771bacca86dc3d92b60750745f9b29b33294ca3c7cb4481ed4c7b7 | Triage

Sharing

General

Target

8b0773577c771bacca86dc3d92b60750745f9b29b33294ca3c7cb4481ed4c7b7.elf
Size

90KB
Sample

240324-c6sslsgg46
MD5

3b6ecbcacd995de85dfcc29459cd22dd
SHA1

b00c94cebc054724d3cf94052368ec09c3976746
SHA256

8b0773577c771bacca86dc3d92b60750745f9b29b33294ca3c7cb4481ed4c7b7
SHA512

70e27caad7f16bd12c86a198c4d660031061d429c51fbb5268af82012e64c4fd63e5db36b817df0446e6c23866b3f03d7c80cd6b95beb86a024f9b9897d9e361
SSDEEP

1536:7Vtl7c+XdPHHiKbN+YBpQVd1dgKjXgZVF0B/MoZVWB0v2YgYZ3u5:7VtVXdPHCKbNiHjXgdooZYZ3

Score

10^/10

mirai antivm

Malware Config

Targets

- Target
  
  8b0773577c771bacca86dc3d92b60750745f9b29b33294ca3c7cb4481ed4c7b7.elf
- Size
  
  90KB
- MD5
  
  3b6ecbcacd995de85dfcc29459cd22dd
- SHA1
  
  b00c94cebc054724d3cf94052368ec09c3976746
- SHA256
  
  8b0773577c771bacca86dc3d92b60750745f9b29b33294ca3c7cb4481ed4c7b7
- SHA512
  
  70e27caad7f16bd12c86a198c4d660031061d429c51fbb5268af82012e64c4fd63e5db36b817df0446e6c23866b3f03d7c80cd6b95beb86a024f9b9897d9e361
- SSDEEP
  
  1536:7Vtl7c+XdPHHiKbN+YBpQVd1dgKjXgZVF0B/MoZVWB0v2YgYZ3u5:7VtVXdPHCKbNiHjXgdooZYZ3
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1