General

  • Target

    58d890cb0d3d48c2d121997fd813439308de0f8261a0400b0ae95a11a1f5ff3b.elf

  • Size

    35KB

  • Sample

    240419-bs9njacf59

  • MD5

    d2500977ca5778dd105c2906229755cc

  • SHA1

    5f9bac2b182f7818b3f6bd5aa4a37447dfd43f99

  • SHA256

    58d890cb0d3d48c2d121997fd813439308de0f8261a0400b0ae95a11a1f5ff3b

  • SHA512

    517135439951e555745353deb8d185bd396f9724079abfaa809e43fef28134c309dc3df052ccfcb7e8f5fcf357dd9d4622dd924d8f64f040753d12d1f1880b1b

  • SSDEEP

    768:3vaocZyVFReRpnX2kCZhOe5svrBIOVJdDjwL2WMo:3iyVDe+xZhxsvd9Dd/kd

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (178697) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks