mirai | c78ccfaed2521b5bd28ab2734dca7b5aae28cd2657f945b2ad1997c500d2d849 | Triage

Sharing

General

Target

bef5663c3dcfbc3e1866bcf74f3f7516.elf
Size

70KB
Sample

240331-hj77nsga95
MD5

bef5663c3dcfbc3e1866bcf74f3f7516
SHA1

0edfb6350c07e8f5b5f5984785b9e13dc644b3a5
SHA256

c78ccfaed2521b5bd28ab2734dca7b5aae28cd2657f945b2ad1997c500d2d849
SHA512

da11e67633e6512d11611ebb6ee4f3ef7a4cec7e9329f1f3072256e194a11f88acbadb256855e937097a21568b6eae1b9f5c45a8fb131cb05072b6afb14c7619
SSDEEP

1536:/NgPoiiWrhOlSuqLb4+3BpHISQaCOqCQIxXrFvM:/NgPsZxq/42pHIB/ABM

Score

10^/10

mirai antivm

Malware Config

Extracted

Family

mirai

C2

giga.giganoob.xyz

Targets

- Target
  
  bef5663c3dcfbc3e1866bcf74f3f7516.elf
- Size
  
  70KB
- MD5
  
  bef5663c3dcfbc3e1866bcf74f3f7516
- SHA1
  
  0edfb6350c07e8f5b5f5984785b9e13dc644b3a5
- SHA256
  
  c78ccfaed2521b5bd28ab2734dca7b5aae28cd2657f945b2ad1997c500d2d849
- SHA512
  
  da11e67633e6512d11611ebb6ee4f3ef7a4cec7e9329f1f3072256e194a11f88acbadb256855e937097a21568b6eae1b9f5c45a8fb131cb05072b6afb14c7619
- SSDEEP
  
  1536:/NgPoiiWrhOlSuqLb4+3BpHISQaCOqCQIxXrFvM:/NgPsZxq/42pHIB/ABM
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1