mirai | 06ebfd7c39f322513b9d9131243c48a5bf59343f9ffe4e46e5713897538510be | Triage

Sharing

General

Target

06ebfd7c39f322513b9d9131243c48a5bf59343f9ffe4e46e5713897538510be.elf
Size

72KB
Sample

240420-k887dadc78
MD5

c2db0684c0057e19b3419bbc794f58a4
SHA1

41f1d8b4968c83211f7790c417f4c165b2bc2fd3
SHA256

06ebfd7c39f322513b9d9131243c48a5bf59343f9ffe4e46e5713897538510be
SHA512

66d9aa4216e9b288cd6e3d79f5389c432cf6d37656985be2e99db961e14c6a361af2efdab3b0b2fd9e3b70964de2819559b8c82a46c52e33d59e533e2bef80a0
SSDEEP

1536:m/Op/xecU/UANAplOSRgbStaod1vj5Uv31geQ1K7ndnuq555555555u55Y55555X:t/PQ7NyQSRgetXvAKQd/555555555u5s

Score

10^/10

mirai antivm linux

Malware Config

Extracted

Family

mirai

C2

185.196.8.213

Targets

- Target
  
  06ebfd7c39f322513b9d9131243c48a5bf59343f9ffe4e46e5713897538510be.elf
- Size
  
  72KB
- MD5
  
  c2db0684c0057e19b3419bbc794f58a4
- SHA1
  
  41f1d8b4968c83211f7790c417f4c165b2bc2fd3
- SHA256
  
  06ebfd7c39f322513b9d9131243c48a5bf59343f9ffe4e46e5713897538510be
- SHA512
  
  66d9aa4216e9b288cd6e3d79f5389c432cf6d37656985be2e99db961e14c6a361af2efdab3b0b2fd9e3b70964de2819559b8c82a46c52e33d59e533e2bef80a0
- SSDEEP
  
  1536:m/Op/xecU/UANAplOSRgbStaod1vj5Uv31geQ1K7ndnuq555555555u55Y55555X:t/PQ7NyQSRgetXvAKQd/555555555u5s
Score

7^/10

antivm
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1