mirai | b0bf755330dd760ec2a341b73a185e8859c16da6957115889866d40f5e4c1571 | Triage

Sharing

General

Target

f9f851f1843523440a5ac59963f541cb.elf
Size

90KB
Sample

240331-hn73gagb75
MD5

f9f851f1843523440a5ac59963f541cb
SHA1

a9182ec67d38a1c2010ff111e29777c0fd673501
SHA256

b0bf755330dd760ec2a341b73a185e8859c16da6957115889866d40f5e4c1571
SHA512

cf23e4e5fbf517338802d3a18f3dceebc5d9d5eabb1644a50ae987993ef03c3fcd9297f9715fe67b45055e8038ae4202bcc77c40d032919ae17e4fbca9ebaefa
SSDEEP

1536:7Vtl7c+XdPHHiKbEyIhpQVd1dgqjXgZV0xh/MIZVWB0v2YA453uI:7VtVXdPHCKbEenjXg1Io5453

Score

10^/10

mirai antivm

Malware Config

Extracted

Family

mirai

C2

giga.giganoob.xyz

Targets

- Target
  
  f9f851f1843523440a5ac59963f541cb.elf
- Size
  
  90KB
- MD5
  
  f9f851f1843523440a5ac59963f541cb
- SHA1
  
  a9182ec67d38a1c2010ff111e29777c0fd673501
- SHA256
  
  b0bf755330dd760ec2a341b73a185e8859c16da6957115889866d40f5e4c1571
- SHA512
  
  cf23e4e5fbf517338802d3a18f3dceebc5d9d5eabb1644a50ae987993ef03c3fcd9297f9715fe67b45055e8038ae4202bcc77c40d032919ae17e4fbca9ebaefa
- SSDEEP
  
  1536:7Vtl7c+XdPHHiKbEyIhpQVd1dgqjXgZV0xh/MIZVWB0v2YA453uI:7VtVXdPHCKbEenjXg1Io5453
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1