mirai | f57d2d47686c9004b6da2816842cad966f1e5f58449e3eb1b1377f22b7c8a886 | Triage

Sharing

General

Target

b50493bdb05ffabc7cda0080614282f9.elf
Size

175KB
Sample

240411-qy359sce69
MD5

b50493bdb05ffabc7cda0080614282f9
SHA1

a81d8ce5ef49d70529b05756ec910e1c55050b34
SHA256

f57d2d47686c9004b6da2816842cad966f1e5f58449e3eb1b1377f22b7c8a886
SHA512

a25d6132a539b842d0fb2c79742aa71a90a46461f48498bf8df03fc9fdbc965001293e4ddabcd1cb2f9e87fddd7fd6ee9388fbc723e2a71ed02f3f161ebbf839
SSDEEP

3072:4UYsgNeI2by0O6jtaC8Bgo6qsW8rdZ18XJHG+WmM/944Efd3:4UYsgNe00O6taC8Bgo6qr8ZeJHG+DM/0

Score

10^/10

mirai antivm

Malware Config

Extracted

Family

mirai

C2

80.66.79.43

Targets

- Target
  
  b50493bdb05ffabc7cda0080614282f9.elf
- Size
  
  175KB
- MD5
  
  b50493bdb05ffabc7cda0080614282f9
- SHA1
  
  a81d8ce5ef49d70529b05756ec910e1c55050b34
- SHA256
  
  f57d2d47686c9004b6da2816842cad966f1e5f58449e3eb1b1377f22b7c8a886
- SHA512
  
  a25d6132a539b842d0fb2c79742aa71a90a46461f48498bf8df03fc9fdbc965001293e4ddabcd1cb2f9e87fddd7fd6ee9388fbc723e2a71ed02f3f161ebbf839
- SSDEEP
  
  3072:4UYsgNeI2by0O6jtaC8Bgo6qsW8rdZ18XJHG+WmM/944Efd3:4UYsgNe00O6taC8Bgo6qr8ZeJHG+DM/0
Score

7^/10

antivm
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1