mirai | e180555303654e1f2b1c0337521988fdccc795a2d6ab246c9b50fee7b98f3012 | Triage

Submit
Reports

Overview

overview

Static

static

7

e180555303...12.elf

ubuntu-20.04-amd64

Sharing

General

Target

e180555303654e1f2b1c0337521988fdccc795a2d6ab246c9b50fee7b98f3012.elf
Size

35KB
Sample

240402-btr5wacf7z
MD5

c48f0e40d26ae8eb2e362393d33cd3cf
SHA1

461d5d98f71079d155f64a3e6520ab138fc10c7e
SHA256

e180555303654e1f2b1c0337521988fdccc795a2d6ab246c9b50fee7b98f3012
SHA512

b9711e2aef64796b5ac9afc7e1a6fa7a428171eb6126f3ad1418bd81b895ac7793e956484600e325fb720eabc6e2f82401009f21ee3f6e4b194dd6aad35fcb45
SSDEEP

768:cMNynmsYyYLrA4wwDZfoKGLVI5gui3pkJfd+p3LmOb+nx46x/ZsV:RAndgEXw9wK4OA5Pp7mtxX/+V

Score

10^/10

mirai mirai botnet evasion linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e180555303654e1f2b1c0337521988fdccc795a2d6ab246c9b50fee7b98f3012.elf

Resource

ubuntu2004-amd64-20240221-en

mirai mirai botnet evasion

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  e180555303654e1f2b1c0337521988fdccc795a2d6ab246c9b50fee7b98f3012.elf
- Size
  
  35KB
- MD5
  
  c48f0e40d26ae8eb2e362393d33cd3cf
- SHA1
  
  461d5d98f71079d155f64a3e6520ab138fc10c7e
- SHA256
  
  e180555303654e1f2b1c0337521988fdccc795a2d6ab246c9b50fee7b98f3012
- SHA512
  
  b9711e2aef64796b5ac9afc7e1a6fa7a428171eb6126f3ad1418bd81b895ac7793e956484600e325fb720eabc6e2f82401009f21ee3f6e4b194dd6aad35fcb45
- SSDEEP
  
  768:cMNynmsYyYLrA4wwDZfoKGLVI5gui3pkJfd+p3LmOb+nx46x/ZsV:RAndgEXw9wK4OA5Pp7mtxX/+V
Score

10^/10

mirai mirai botnet evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Deletes log files
  Deletes log files on the system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetevasion

© 2018-2024

Terms | Privacy