mirai | 35ec3957284489e6d17662c218c896bd061c20ac74ad5ac92c9d21c1207d3bff | Triage

Sharing

General

Target

debug.dbg
Size

91KB
Sample

240521-mda27shh28
MD5

11db8cb7e4d3cec9d914eb4c89350b71
SHA1

499eb1ef841bfb16df9f7926270778445d5b647a
SHA256

35ec3957284489e6d17662c218c896bd061c20ac74ad5ac92c9d21c1207d3bff
SHA512

6d3ae8f0990be076781023beec7625a90009fdd3947dd94260a573f1ac97d1a9d3e31b32d98ec06a3cd57d114556f2c7c3a1e3cfdcb68472d37c1fbb2b64c2f5
SSDEEP

1536:fLt2lC18J1oybOPVMoGYZe6loa/S76W9dCC:ffIoy2GYvfoyC

Score

10^/10

mirai unstable linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

cnc.nperm.net

scan.nperm.net

Targets

- Target
  
  debug.dbg
- Size
  
  91KB
- MD5
  
  11db8cb7e4d3cec9d914eb4c89350b71
- SHA1
  
  499eb1ef841bfb16df9f7926270778445d5b647a
- SHA256
  
  35ec3957284489e6d17662c218c896bd061c20ac74ad5ac92c9d21c1207d3bff
- SHA512
  
  6d3ae8f0990be076781023beec7625a90009fdd3947dd94260a573f1ac97d1a9d3e31b32d98ec06a3cd57d114556f2c7c3a1e3cfdcb68472d37c1fbb2b64c2f5
- SSDEEP
  
  1536:fLt2lC18J1oybOPVMoGYZe6loa/S76W9dCC:ffIoy2GYvfoyC
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1