mirai | 019594320a888c9ed59737c2466a943b8d15d9d7c0166e707f099d5cd1ac374e | Triage

Sharing

General

Target

f327086f96e9eb70f9c33c0128c07b58.elf
Size

147KB
Sample

240331-hj7wxaga89
MD5

f327086f96e9eb70f9c33c0128c07b58
SHA1

0a97675045e9a7c68470249b1192ab20baa3107d
SHA256

019594320a888c9ed59737c2466a943b8d15d9d7c0166e707f099d5cd1ac374e
SHA512

414b34835233471f107a94da8bdce9981bbd5776acbbd4bb2eea737b2211824df6f6647b8cbf52ad3e3f1f1f45ee14f6b4a596fe5524f3f02fdf9c78d4f30114
SSDEEP

3072:dQjvnjBCa/D8ZuccRnoWnb5ocYKKTQupM/9AeW:dQj/9Ca/D8ZuccRoW6TKKMcM/9tW

Score

10^/10

mirai antivm

Malware Config

Extracted

Family

mirai

C2

giga.giganoob.xyz

Targets

- Target
  
  f327086f96e9eb70f9c33c0128c07b58.elf
- Size
  
  147KB
- MD5
  
  f327086f96e9eb70f9c33c0128c07b58
- SHA1
  
  0a97675045e9a7c68470249b1192ab20baa3107d
- SHA256
  
  019594320a888c9ed59737c2466a943b8d15d9d7c0166e707f099d5cd1ac374e
- SHA512
  
  414b34835233471f107a94da8bdce9981bbd5776acbbd4bb2eea737b2211824df6f6647b8cbf52ad3e3f1f1f45ee14f6b4a596fe5524f3f02fdf9c78d4f30114
- SSDEEP
  
  3072:dQjvnjBCa/D8ZuccRnoWnb5ocYKKTQupM/9AeW:dQj/9Ca/D8ZuccRoW6TKKMcM/9tW
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1