General

  • Target

    b03e5a62e44af9f96b0dcdab205ed37d7a9c9fa493a91dd778b1d4c9e8145835.elf

  • Size

    36KB

  • Sample

    240419-b8lxeaed7s

  • MD5

    5a938d6d9b64103069be9151d19b41e4

  • SHA1

    0519b03db4f95cfa79bbe4d6ebb675634e7c8178

  • SHA256

    b03e5a62e44af9f96b0dcdab205ed37d7a9c9fa493a91dd778b1d4c9e8145835

  • SHA512

    96ee692c2a689c0ea212aed3ccd37f538d8e7f2582ac7493da1e33b9743549a11bda22feeb39c58ee5508c8c71c0464955b60d1fa7f46406ff4b3dfa7b7d2b6e

  • SSDEEP

    768:J/hL3imUau24c2TP1jJAGRkaF/3Q/HWau4Gq4uaGiIBS0H3Uo:J/h3i3audcgJAGRdF/g/ju4GqzaGiIBN

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

    • Target

      b03e5a62e44af9f96b0dcdab205ed37d7a9c9fa493a91dd778b1d4c9e8145835.elf

    • Size

      36KB

    • MD5

      5a938d6d9b64103069be9151d19b41e4

    • SHA1

      0519b03db4f95cfa79bbe4d6ebb675634e7c8178

    • SHA256

      b03e5a62e44af9f96b0dcdab205ed37d7a9c9fa493a91dd778b1d4c9e8145835

    • SHA512

      96ee692c2a689c0ea212aed3ccd37f538d8e7f2582ac7493da1e33b9743549a11bda22feeb39c58ee5508c8c71c0464955b60d1fa7f46406ff4b3dfa7b7d2b6e

    • SSDEEP

      768:J/hL3imUau24c2TP1jJAGRkaF/3Q/HWau4Gq4uaGiIBS0H3Uo:J/h3i3audcgJAGRdF/g/ju4GqzaGiIBN

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (110045) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks