General

  • Target

    .Sx86.elf

  • Size

    29KB

  • Sample

    240427-q5s9mscc8z

  • MD5

    93cca94f14534ebf533505551b56820c

  • SHA1

    2075987808a48beafd082e3374301ec2f3449f82

  • SHA256

    d77977e5b6dd9858a92752c87b9da91e9b30f5a0c13fcfdf9452d983861d338a

  • SHA512

    07c03a4857a92943e5c26ddcb08156d9282b34cc1829262bc099e2a5a1b21fa7bc4ac92949b496899e44a92b8fbad6a411086b9eccbd1cf13bd4750ed17a0675

  • SSDEEP

    768:4KZ4OOTbjoC8wZE1Kwp1Vjtus6E+tnBnbdSU2N:4a4hva1vtws6tb5c

Score
10/10

Targets

    • Target

      .Sx86.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Traces itself

      Traces itself to prevent debugging attempts.

    • Writes file to system bin folder

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Hijack Execution Flow (T1574)

Privilege Escalation

  • Hijack Execution Flow (T1574)

Defense Evasion

  • Impair Defenses (T1562)

  • Hijack Execution Flow (T1574)
