mirai | d72e0090674786faa67a43c46fd535bfbb08a0ade84ccc542ec96478d7845403 | Triage

Sharing

General

Target

2a597a99ccc6078fe27f63d34d4535f2.elf
Size

64KB
Sample

240628-v4vhjaxemc
MD5

2a597a99ccc6078fe27f63d34d4535f2
SHA1

666934dc3f33bee267b2c1ed28792c063c76b28c
SHA256

d72e0090674786faa67a43c46fd535bfbb08a0ade84ccc542ec96478d7845403
SHA512

17d4f786f7ffe5005735995775722d169a497f68d529f23ccf64a8515b53806cb3f479dd2e8d0938b3a58430885863b8186f53f20976d94b116e985dc803abd6
SSDEEP

1536:f3nA8EZjpQOO60NjqSMT11xKbSZYuE53qBGYI6ZEOit/zIi:YB5tX0bSZbEF+87

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  2a597a99ccc6078fe27f63d34d4535f2.elf
- Size
  
  64KB
- MD5
  
  2a597a99ccc6078fe27f63d34d4535f2
- SHA1
  
  666934dc3f33bee267b2c1ed28792c063c76b28c
- SHA256
  
  d72e0090674786faa67a43c46fd535bfbb08a0ade84ccc542ec96478d7845403
- SHA512
  
  17d4f786f7ffe5005735995775722d169a497f68d529f23ccf64a8515b53806cb3f479dd2e8d0938b3a58430885863b8186f53f20976d94b116e985dc803abd6
- SSDEEP
  
  1536:f3nA8EZjpQOO60NjqSMT11xKbSZYuE53qBGYI6ZEOit/zIi:YB5tX0bSZbEF+87
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1