General

  • Target

    SecuriteInfo.com.Linux.Siggen.9999.10949.15787.elf

  • Size

    42KB

  • Sample

    240423-bwt29aah79

  • MD5

    93c9ffb7a705f30be9f12d8d1bed6d91

  • SHA1

    1d86917cc58aeaaaf50039bb18f98bc4fcad87cf

  • SHA256

    29213fd7a918cf8ca8952f78ea82c0b098426676f0c302883f1206117406bfae

  • SHA512

    cd7cef161103d467b963da63ead451836eeabb698d34d7137a8795b6a8ff351d4f2876cf6b7c3470c02a7152fa3f3a5fe56298af1b3508e96ed4038cdbbdef21

  • SSDEEP

    768:GSFpc0Z5RazniRDBcTdLszC2ScaE2BKhrA7t8wjxW9exJgGlzDpUYs5:3cwazUW1E2AtA7iwN+qVqYm

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Target

      SecuriteInfo.com.Linux.Siggen.9999.10949.15787.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (219434) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Writes a file to the system bin folder

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (1) T1547
    Hijack Execution Flow (1) T1574

  • Privilege Escalation

    Boot or Logon Autostart Execution (1) T1547
    Hijack Execution Flow (1) T1574

  • Defense Evasion

    Impair Defenses (1) T1562
    Hijack Execution Flow (1) T1574

  • Discovery

    Network Service Discovery (2) T1046
    System Information Discovery (1) T1082

Tasks