mirai | 4fa26b78cfdd3f8b01a71ca21887edf09992df20e9e0af039912273e04ccdad4 | Triage

Sharing

General

Target

4fa26b78cfdd3f8b01a71ca21887edf09992df20e9e0af039912273e04ccdad4.elf
Size

29KB
Sample

240504-bmv8ysce24
MD5

ad9e6788e549220e3a985bcad8e9c8e4
SHA1

856d27e7e159e7e8511195e01f06673eaefb4f9b
SHA256

4fa26b78cfdd3f8b01a71ca21887edf09992df20e9e0af039912273e04ccdad4
SHA512

eb5c426704b5fa2e8b721db9d224c607fb0db41b744d0491e0e2e459e9e95bb584ccd592d241e827301104478b9d4cf29c6c159cb306997ba2da0b3b564c6ab5
SSDEEP

768:ELZW56tNDAFiY4FGG1Nn8MPDEzg6cHoC5IsznbcuyD7U0/2j:FMtmij8wyVcj5xnouy8jj

Score

10^/10

mirai kyton botnet discovery linux upx

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

- Target
  
  4fa26b78cfdd3f8b01a71ca21887edf09992df20e9e0af039912273e04ccdad4.elf
- Size
  
  29KB
- MD5
  
  ad9e6788e549220e3a985bcad8e9c8e4
- SHA1
  
  856d27e7e159e7e8511195e01f06673eaefb4f9b
- SHA256
  
  4fa26b78cfdd3f8b01a71ca21887edf09992df20e9e0af039912273e04ccdad4
- SHA512
  
  eb5c426704b5fa2e8b721db9d224c607fb0db41b744d0491e0e2e459e9e95bb584ccd592d241e827301104478b9d4cf29c6c159cb306997ba2da0b3b564c6ab5
- SSDEEP
  
  768:ELZW56tNDAFiY4FGG1Nn8MPDEzg6cHoC5IsznbcuyD7U0/2j:FMtmij8wyVcj5xnouy8jj
Score

10^/10

mirai kyton botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (112059) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraikytonbotnetdiscovery