mirai | 754109c1e57f8afae30f696d3ac6547d9df6341f6250b9b6d1e0cca0b0e25ee6 | Triage

Sharing

General

Target

754109c1e57f8afae30f696d3ac6547d9df6341f6250b9b6d1e0cca0b0e25ee6.elf
Size

24KB
Sample

240411-bt52qsbf6v
MD5

fad75956d7884a937c2c0ddc4d177ffc
SHA1

4615c2f330ee57ae005b29932c32d90e2debff1d
SHA256

754109c1e57f8afae30f696d3ac6547d9df6341f6250b9b6d1e0cca0b0e25ee6
SHA512

0b979e230aceeeb5441493a0b87524a6a791d5d5ec9bb867d47375392fd36f74323a8913be3d858718fe23014c3296a6ef4f037e79fe948ac871109add2cac7f
SSDEEP

384:MXYwdbjcsRFyzxCbxn6NNW3JDTxMOTJ3vOwAU+5p5WfQbCTEokupXG+Qr1GvtIqY:IYIbosXwYU2ZHhlcUK5bbqTXTlK

Score

10^/10

mirai mirai botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  754109c1e57f8afae30f696d3ac6547d9df6341f6250b9b6d1e0cca0b0e25ee6.elf
- Size
  
  24KB
- MD5
  
  fad75956d7884a937c2c0ddc4d177ffc
- SHA1
  
  4615c2f330ee57ae005b29932c32d90e2debff1d
- SHA256
  
  754109c1e57f8afae30f696d3ac6547d9df6341f6250b9b6d1e0cca0b0e25ee6
- SHA512
  
  0b979e230aceeeb5441493a0b87524a6a791d5d5ec9bb867d47375392fd36f74323a8913be3d858718fe23014c3296a6ef4f037e79fe948ac871109add2cac7f
- SSDEEP
  
  384:MXYwdbjcsRFyzxCbxn6NNW3JDTxMOTJ3vOwAU+5p5WfQbCTEokupXG+Qr1GvtIqY:IYIbosXwYU2ZHhlcUK5bbqTXTlK
Score

10^/10

mirai mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraimiraibotnet