mirai | 0a6f323fb3f6f5e4f6794c3c517032462fde04d1d81a0f73ccc783b7b4a7ffab | Triage

Sharing

General

Target

133e13c704e07858f22294055dceaa59.bin
Size

66KB
Sample

240325-bl4tpseh4x
MD5

15e05e61d0a6f528373c5704c51d39d0
SHA1

4bbc3166f7e5de9e77d362c4d786fb9b5ea0981a
SHA256

0a6f323fb3f6f5e4f6794c3c517032462fde04d1d81a0f73ccc783b7b4a7ffab
SHA512

bf351bdc11e5036d052b70fd6201979a843e3afa15f9567baed770aa1283b04976e7c1afe5eb3384e757f17624c1dc0f4e95fe43fb8d9914cf3c119c9a92e7c3
SSDEEP

1536:NU3oWR+2NQ4d8Mjm7iY6GYBkPXMnbMpFMWBtIbUQeLu0WP4SXI3Ae:NU3nR+2+BMi7/KnbmFBBq6BU+v

Score

10^/10

mirai antivm

Malware Config

Targets

- Target
  
  431c80bffa394db6bbae71d178e9555ea6ada435584a598b067cb19e8d8ef221.elf
- Size
  
  147KB
- MD5
  
  133e13c704e07858f22294055dceaa59
- SHA1
  
  6284055aebe6e3f4b4b24a9527e332d53768bd5c
- SHA256
  
  431c80bffa394db6bbae71d178e9555ea6ada435584a598b067cb19e8d8ef221
- SHA512
  
  bfb26c583ed612a47e2e19ae20ccc23125853536160b52471dcc2ab594bdbfc5fb7c1587f903fae39dd498c4466ed26afe339f7da8adfa2431f42ba3d8ccf581
- SSDEEP
  
  3072:lQjvnYBSaqD8ZuccRvUWnbGocsMKTQupM/9lW:lQj/aSaqD8ZuccRcWJbMKMcM/9lW
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1