mirai | 9acf74ed41b43d6a30553357207327a16384b72dcf5b619d8fe6f57691fb4312 | Triage

Submit
Reports

Overview

overview

Static

static

7

9acf74ed41...12.elf

ubuntu-18.04-amd64

Sharing

Copy URL Twitter E-mail

General

Target

9acf74ed41b43d6a30553357207327a16384b72dcf5b619d8fe6f57691fb4312.elf
Size

27KB
Sample

240417-cdmqwsaf64
MD5

c22b3065a83528958bc236d214cbfc8b
SHA1

541def44ab5907e876dd74857041af37d809d93e
SHA256

9acf74ed41b43d6a30553357207327a16384b72dcf5b619d8fe6f57691fb4312
SHA512

9bcc32db53243fdbfe495e29b9d1597a1710f437aaa5726303a7d018f2bd0ed999d35b452f8544553aa5d94fd77fe70d7973d4853ee6e1d87756ca15caf7032c
SSDEEP

768:hPglXhOQ2TdsR8Ue57nH8yxZl06KCyiwSWsClTLKT:+X2ThUe57nPZl9RwSWsQHA

Score

10^/10

mirai unstable botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9acf74ed41b43d6a30553357207327a16384b72dcf5b619d8fe6f57691fb4312.elf

Resource

ubuntu1804-amd64-20240226-en

mirai unstable botnet discovery

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

b.doxbin.top

Targets

- Target
  
  9acf74ed41b43d6a30553357207327a16384b72dcf5b619d8fe6f57691fb4312.elf
- Size
  
  27KB
- MD5
  
  c22b3065a83528958bc236d214cbfc8b
- SHA1
  
  541def44ab5907e876dd74857041af37d809d93e
- SHA256
  
  9acf74ed41b43d6a30553357207327a16384b72dcf5b619d8fe6f57691fb4312
- SHA512
  
  9bcc32db53243fdbfe495e29b9d1597a1710f437aaa5726303a7d018f2bd0ed999d35b452f8544553aa5d94fd77fe70d7973d4853ee6e1d87756ca15caf7032c
- SSDEEP
  
  768:hPglXhOQ2TdsR8Ue57nH8yxZl06KCyiwSWsClTLKT:+X2ThUe57nPZl9RwSWsQHA
Score

10^/10

mirai unstable botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (57183) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdiscovery

© 2018-2025

Terms | Privacy