mirai | 14b162eed3f3f592b5bb6b6b86e817a81834301ce1fe3500a7c328e041a81f66 | Triage

Sharing

General

Target

14b162eed3f3f592b5bb6b6b86e817a81834301ce1fe3500a7c328e041a81f66.elf
Size

56KB
Sample

240423-bfgf8aaf4z
MD5

4a4918771d934ff309164274607c2205
SHA1

322f493d728a7129d62226c79f460ac5db371c36
SHA256

14b162eed3f3f592b5bb6b6b86e817a81834301ce1fe3500a7c328e041a81f66
SHA512

53a8ff980e952b16a38f8bf60e1aad7ef0db880e91e67c80a9a0de44e6df00817a083b409f4922fb9e6e35828994514d059f9461e261d7f486bee389a6d8417c
SSDEEP

1536:JXJd/HuM7TaI2eSYZffwlmwubPXzpyQvVwRUL0ztn56TrT/XD:BJxnP2eSI3wkwopdVwRUL0ztnwnLD

Score

10^/10

mirai botnet upx

Malware Config

Extracted

Family

mirai

C2

spagetti.openproxylist.info

Targets

- Target
  
  14b162eed3f3f592b5bb6b6b86e817a81834301ce1fe3500a7c328e041a81f66.elf
- Size
  
  56KB
- MD5
  
  4a4918771d934ff309164274607c2205
- SHA1
  
  322f493d728a7129d62226c79f460ac5db371c36
- SHA256
  
  14b162eed3f3f592b5bb6b6b86e817a81834301ce1fe3500a7c328e041a81f66
- SHA512
  
  53a8ff980e952b16a38f8bf60e1aad7ef0db880e91e67c80a9a0de44e6df00817a083b409f4922fb9e6e35828994514d059f9461e261d7f486bee389a6d8417c
- SSDEEP
  
  1536:JXJd/HuM7TaI2eSYZffwlmwubPXzpyQvVwRUL0ztn56TrT/XD:BJxnP2eSI3wkwopdVwRUL0ztnwnLD
Score

10^/10

mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Traces itself
  Traces itself to prevent debugging attempts
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1