General

  • Target

    e460144b8e4f7b3c8f215278565bf478.elf

  • Size

    24KB

  • Sample

    240404-vjjkjada8w

  • MD5

    e460144b8e4f7b3c8f215278565bf478

  • SHA1

    244a3037d3e04fea2012855868b91a2196d293b0

  • SHA256

    35e500918fff28f07e3c0740f734fcf37b6c33c011c21c9803053fb127987ac6

  • SHA512

    6a886a0819d7679d5b3fb038a86c17b2f57751fd0d7c4cb4cd5d9c5c23ab8e0f87f771ca41a460cd08e76ffbdb8e2ced5f8f19843a8cf12468b6fc98964c6bff

  • SSDEEP

    384:z38IW6VpRfffL4yNpWjbN/Kv6cCGuTzM0dtTYT+eFIbTxTanq/hymdGUop5hkO:z38IBRT4KwxuuGqM0gP8AOs3Uozf

Targets

    Score
    10/10
    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (35320) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder
