Overview

overview

10

Static

static

1

54bfe1a780...5c.elf

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28df757f694fefc6d25939e65348753b.bin

  • Size

    271KB

  • Sample

    240426-bg3qvagg35

  • MD5

    a7783c3da884003433b6bf362035c937

  • SHA1

    c3277532d3e94e2cc86184fa784e72625aa1d40e

  • SHA256

    10335221a4233a1d182de6f47620c2c78d4b6d2ea932fad2bef6c17c10c5fef9

  • SHA512

    b0d4b4bf167e06e1852ef3f39e6211d0da26f15a3b76fe26aa0d3240eaca00f5b54e3c89e2032584a8611032efad50dfc7b7ac8c79b2181fb36296c45ac42e39

  • SSDEEP

    6144:ASMiRpk4GWSFIgYla0gcKIO8loIjzmmTT9hxrt2ewuJvWuRutRoy:ASMiRp5IPYO3HI+m39hJ4epJvWTtRv

Score
10/10
miraibotnetlinuxpersistence

Malware Config

Targets

    • Target

      54bfe1a78064d443fb977ad79eab1dda0d4588dc7644882d7f16d04ab270745c.elf

    • Size

      274KB

    • MD5

      28df757f694fefc6d25939e65348753b

    • SHA1

      aa82f4a94ad10b29ac8540a4984032b686fe1632

    • SHA256

      54bfe1a78064d443fb977ad79eab1dda0d4588dc7644882d7f16d04ab270745c

    • SHA512

      fdd557b487f2730ac79dd2299bd203493fa40437c3da7b6cf0b6c8eb05535eee78fd5f124549feb65d2b5731bb42cbab2610c7ea879c006510aa8e3422c8ace8

    • SSDEEP

      6144:Qt0eKnj/dQW/n3gGgzVHJl/44wrm9NrOIiMf4J+wvWMUxc:QtvUai3SrXdOIFgvuMR

    Score
    10/10
    miraibotnetpersistence

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistence

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Boot or Logon Autostart Execution

2
T1547

Hijack Execution Flow

1
T1574

Privilege Escalation

Scheduled Task/Job

1
T1053

Boot or Logon Autostart Execution

2
T1547

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks