mirai | e4de686b8c68b68d43db2b67344abee711c1bb23afaa928cf794383d6ab5cac1 | Triage

Sharing

General

Target

3b6ecbcacd995de85dfcc29459cd22dd.bin
Size

38KB
Sample

240325-bypwbacd34
MD5

7eaee8739881f9de2a5979c48eed6928
SHA1

2d60e74d8351b40c2b3ff78bd5a235764ccd2328
SHA256

e4de686b8c68b68d43db2b67344abee711c1bb23afaa928cf794383d6ab5cac1
SHA512

d044d942247402bee4036e7ba5f8371b8c01f89d78a40cfe0d6da55946e395130ccdf179f1e75cec12e954ba639126f4d217dc9765da5aeb4c1c9f96d0c44f56
SSDEEP

768:pXauqMxE6SCkFIfK0Hcm/lC50/687XYn74Ca/VS8sEOtv0ERqb:pqwkFIfK0R9Kwons3oEOtv0Ecb

Score

10^/10

mirai antivm

Malware Config

Targets

- Target
  
  8b0773577c771bacca86dc3d92b60750745f9b29b33294ca3c7cb4481ed4c7b7.elf
- Size
  
  90KB
- MD5
  
  3b6ecbcacd995de85dfcc29459cd22dd
- SHA1
  
  b00c94cebc054724d3cf94052368ec09c3976746
- SHA256
  
  8b0773577c771bacca86dc3d92b60750745f9b29b33294ca3c7cb4481ed4c7b7
- SHA512
  
  70e27caad7f16bd12c86a198c4d660031061d429c51fbb5268af82012e64c4fd63e5db36b817df0446e6c23866b3f03d7c80cd6b95beb86a024f9b9897d9e361
- SSDEEP
  
  1536:7Vtl7c+XdPHHiKbN+YBpQVd1dgKjXgZVF0B/MoZVWB0v2YgYZ3u5:7VtVXdPHCKbNiHjXgdooZYZ3
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1