mirai | ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b | Triage

Submit
Reports

Overview

overview

Static

static

7

ded0b3101d...0b.elf

debian-9-mips

Sharing

General

Target

ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b.elf
Size

34KB
Sample

240402-btdmgscf6z
MD5

bd3d9006bbf218921abe0aee33ac9052
SHA1

98a252a065accee829e6911a8bef0544cc1c8427
SHA256

ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b
SHA512

e15d88851f29bf459d998a9c912c407e88678d4de8e1910749cc03a4e4f1fe18f14c201f9993a8cf324beb9b50a2496092d401295bd0a2058717798b4fc527eb
SSDEEP

768:nmyOC2vN/YhN6hZjnmjdkFXAbirLAU+gTNZYYrZQPS4JgGlzDpbuR1JYy:mY2vON6Dj0aQ23AGTNvIS4VJuyy

Score

10^/10

mirai mirai botnet evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b.elf

Resource

debian9-mipsbe-20240226-en

mirai mirai botnet evasion

debian-9-mips

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b.elf
- Size
  
  34KB
- MD5
  
  bd3d9006bbf218921abe0aee33ac9052
- SHA1
  
  98a252a065accee829e6911a8bef0544cc1c8427
- SHA256
  
  ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b
- SHA512
  
  e15d88851f29bf459d998a9c912c407e88678d4de8e1910749cc03a4e4f1fe18f14c201f9993a8cf324beb9b50a2496092d401295bd0a2058717798b4fc527eb
- SSDEEP
  
  768:nmyOC2vN/YhN6hZjnmjdkFXAbirLAU+gTNZYYrZQPS4JgGlzDpbuR1JYy:mY2vON6Dj0aQ23AGTNvIS4VJuyy
Score

10^/10

mirai mirai botnet evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Deletes log files
  Deletes log files on the system.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetevasion

© 2018-2024

Terms | Privacy