mirai | 401e8154f16267dd71e35c557662488b6cc3121d2a331579d9ce591ca034d1f9 | Triage

Sharing

General

Target

0f7b17bf97934625dc72a0fbdca902ee.elf
Size

57KB
Sample

240331-hs7x9sff7s
MD5

0f7b17bf97934625dc72a0fbdca902ee
SHA1

b0a49e21b9f9566dfedead5d6e7a3df9839fea48
SHA256

401e8154f16267dd71e35c557662488b6cc3121d2a331579d9ce591ca034d1f9
SHA512

4102a10bd8b99a33ec105c895af3e714ed45ee708b8dcb9b02733becc18e4fd6db63eba14059813ede29809a6c46cc528a7bb8b457e19b52d66c63b10d0d078c
SSDEEP

1536:v0f5JN+LtFC7GXhEPsTe3HD/cR4jr2+/SH:v0BJN+LtA+hEPsqX7cAqv

Score

10^/10

mirai antivm linux

Malware Config

Extracted

Family

mirai

C2

giga.giganoob.ru

giga.giganoob.xyz

193.141.60.143

Targets

- Target
  
  0f7b17bf97934625dc72a0fbdca902ee.elf
- Size
  
  57KB
- MD5
  
  0f7b17bf97934625dc72a0fbdca902ee
- SHA1
  
  b0a49e21b9f9566dfedead5d6e7a3df9839fea48
- SHA256
  
  401e8154f16267dd71e35c557662488b6cc3121d2a331579d9ce591ca034d1f9
- SHA512
  
  4102a10bd8b99a33ec105c895af3e714ed45ee708b8dcb9b02733becc18e4fd6db63eba14059813ede29809a6c46cc528a7bb8b457e19b52d66c63b10d0d078c
- SSDEEP
  
  1536:v0f5JN+LtFC7GXhEPsTe3HD/cR4jr2+/SH:v0BJN+LtA+hEPsqX7cAqv
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1