mirai | a6c1a94828b01c0aacd96159919d36031dc10713a00da54945dca3676f1036be | Triage

Submit
Reports

Overview

overview

Static

static

7

a6c1a94828...be.elf

debian-9-mipsel

Sharing

General

Target

a6c1a94828b01c0aacd96159919d36031dc10713a00da54945dca3676f1036be.elf
Size

35KB
Sample

240402-bn479ada26
MD5

4808a808fec25b07e9e28b0238e0ba4a
SHA1

d3c97161ae9ed8f0d926439a3ae42d48f962d726
SHA256

a6c1a94828b01c0aacd96159919d36031dc10713a00da54945dca3676f1036be
SHA512

61e9613881baa8667f0c7ea7858944b629af24c021ba9b15a22a1b1290cb57b71d59ee4aa14bfea1263989e57f8d4668cfad368350c686b4d1783c973c33eab6
SSDEEP

768:PailI++SHdh9D+NWkWej0/RJkCWk9uqmVwv5sfDWy:Jl+SH9D+NW3e0wk9uqmVwhsX

Score

10^/10

mirai mirai botnet evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a6c1a94828b01c0aacd96159919d36031dc10713a00da54945dca3676f1036be.elf

Resource

debian9-mipsel-20240226-en

mirai mirai botnet evasion

debian-9-mipsel

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  a6c1a94828b01c0aacd96159919d36031dc10713a00da54945dca3676f1036be.elf
- Size
  
  35KB
- MD5
  
  4808a808fec25b07e9e28b0238e0ba4a
- SHA1
  
  d3c97161ae9ed8f0d926439a3ae42d48f962d726
- SHA256
  
  a6c1a94828b01c0aacd96159919d36031dc10713a00da54945dca3676f1036be
- SHA512
  
  61e9613881baa8667f0c7ea7858944b629af24c021ba9b15a22a1b1290cb57b71d59ee4aa14bfea1263989e57f8d4668cfad368350c686b4d1783c973c33eab6
- SSDEEP
  
  768:PailI++SHdh9D+NWkWej0/RJkCWk9uqmVwv5sfDWy:Jl+SH9D+NW3e0wk9uqmVwhsX
Score

10^/10

mirai mirai botnet evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Deletes log files
  Deletes log files on the system.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetevasion

© 2018-2024

Terms | Privacy