mirai | 237d2a3d31c4c848cd4883d7ae77047914649401ada05bf61cf48ff2793b4a22 | Triage

Sharing

General

Target

b27eeb84b54c3cbbefd7eed086097c86.bin
Size

30KB
Sample

240424-can5jsea21
MD5

a29ff44ff867884cacbde5d46f151ef3
SHA1

693a21eead46f989ebfe3372c6edb5f653dbb8b1
SHA256

237d2a3d31c4c848cd4883d7ae77047914649401ada05bf61cf48ff2793b4a22
SHA512

3dbcc6de5ae1aef5080dc6d253553774c5a902f8d330ed182fbfc769b2744b45305e17c705372536e203ccf63802ae86512ee4f407771f23363efd74a75fc149
SSDEEP

768:VoxV7hCYMdCxawn1gG4HISRF06EfbjZgoQLhut:2f70dCxa4gG/SRWJbjZJQLhY

Score

10^/10

mirai botnet upx

Malware Config

Extracted

Family

mirai

C2

spagetti.openproxylist.info

Targets

- Target
  
  2f84a18564ad0853e8c4853a610c42df170a3c0e50316ad65931201a727ff9bc.elf
- Size
  
  31KB
- MD5
  
  b27eeb84b54c3cbbefd7eed086097c86
- SHA1
  
  b8b1c4f53e531a867d95aac5c87dd577cfa81799
- SHA256
  
  2f84a18564ad0853e8c4853a610c42df170a3c0e50316ad65931201a727ff9bc
- SHA512
  
  25bf88566b537e61e0b567c61b66898f901c268c407d304f555bc2039355b5e13c1deaa02e02feb70cb5778bfcf8b693f6551e17f7450b69ea157480bcd735a7
- SSDEEP
  
  768:gjbVGaxbvqj/XGzTDuq53BLU6IauljrKEToAks3UozQ:gjBq/2zTXrLIjj8ABzQ
Score

10^/10

mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Traces itself
  Traces itself to prevent debugging attempts
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1