mirai | c898eff782cea4ae1a8e0a01cf41284906dfa23f1c92f7ab401b247803075bf4 | Triage

Submit
Reports

Overview

overview

Static

static

7

ded0b3101d...0b.elf

debian-9-mips

Sharing

General

Target

bd3d9006bbf218921abe0aee33ac9052.bin
Size

33KB
Sample

240403-b7wefsce82
MD5

9a295913d028a0c66c7c861f5e0907bb
SHA1

791125cbf256cec1bf2c5f65c7e136cc8a054fb9
SHA256

c898eff782cea4ae1a8e0a01cf41284906dfa23f1c92f7ab401b247803075bf4
SHA512

7e97e8d50fe8e1d13b674c7c82bbcbd41be795f3bbbb569f513a03fd31dcd0157e64c34d37a559f4124e80f8d260a12a7c703321129db4ca34ab012acbe8596d
SSDEEP

768:s7JZKymeGJjG+nzVi9DKsKknvWFLeOsRk78di6lxoMN:yZshG+nZQlvWRRsRkgY0HN

Score

10^/10

mirai mirai botnet evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b.elf

Resource

debian9-mipsbe-20240226-en

mirai mirai botnet evasion

debian-9-mips

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b.elf
- Size
  
  34KB
- MD5
  
  bd3d9006bbf218921abe0aee33ac9052
- SHA1
  
  98a252a065accee829e6911a8bef0544cc1c8427
- SHA256
  
  ded0b3101d0cf256b0a87535dd5d006176c0aa59c023bfbd2c6eac4fc6f0d40b
- SHA512
  
  e15d88851f29bf459d998a9c912c407e88678d4de8e1910749cc03a4e4f1fe18f14c201f9993a8cf324beb9b50a2496092d401295bd0a2058717798b4fc527eb
- SSDEEP
  
  768:nmyOC2vN/YhN6hZjnmjdkFXAbirLAU+gTNZYYrZQPS4JgGlzDpbuR1JYy:mY2vON6Dj0aQ23AGTNvIS4VJuyy
Score

10^/10

mirai mirai botnet evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Deletes log files
  Deletes log files on the system.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetevasion

© 2018-2024

Terms | Privacy