mirai | 7d4ff2fd0814eafd9be188a78ccd0eda31b5ee56738bafed2f9332993138fa07 | Triage

Sharing

General

Target

7d4ff2fd0814eafd9be188a78ccd0eda31b5ee56738bafed2f9332993138fa07.elf
Size

70KB
Sample

240330-cngbvsff63
MD5

be66be87e18fa8f89cb5773b348e2d44
SHA1

62803db97d8f7400abc96e73af39ec540fbeacc4
SHA256

7d4ff2fd0814eafd9be188a78ccd0eda31b5ee56738bafed2f9332993138fa07
SHA512

b698cf6fd7ac015cba93e63cfc83f5a5982bb00345d7b31ccbf523b4dda101148e7da238b12750c8c24d207c88f3ffa26799868dfb1160ced2ddf9a947e33c41
SSDEEP

1536:9N0tcaYWrhslpYV79irqT19hdoa0Ow/S+LTB7vc:9N0tSToV79CY19hKsklc

Score

10^/10

mirai antivm

Malware Config

Targets

- Target
  
  7d4ff2fd0814eafd9be188a78ccd0eda31b5ee56738bafed2f9332993138fa07.elf
- Size
  
  70KB
- MD5
  
  be66be87e18fa8f89cb5773b348e2d44
- SHA1
  
  62803db97d8f7400abc96e73af39ec540fbeacc4
- SHA256
  
  7d4ff2fd0814eafd9be188a78ccd0eda31b5ee56738bafed2f9332993138fa07
- SHA512
  
  b698cf6fd7ac015cba93e63cfc83f5a5982bb00345d7b31ccbf523b4dda101148e7da238b12750c8c24d207c88f3ffa26799868dfb1160ced2ddf9a947e33c41
- SSDEEP
  
  1536:9N0tcaYWrhslpYV79irqT19hdoa0Ow/S+LTB7vc:9N0tSToV79CY19hKsklc
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1