General

  • Target

    2a597a99ccc6078fe27f63d34d4535f2.bin

  • Size

    34KB

  • Sample

    240630-bwj72svfnj

  • MD5

    2109ed00a6f0f4eac5fa6cf3dfeb8be0

  • SHA1

    8597ae6e3b23470b7190c25ac62c055a49290f08

  • SHA256

    7c67a6d9b4ccfd5f8c47a248db1a731eaddff28642c8f6e48db4ee804e3d2a7c

  • SHA512

    1b2fc1e8d8c38d72b7428c1d50d92d1cdc898ef1dace12aaf2156f852a52af7eead3048684aafdf586496dffff8280c03f2dd0f24c703fbf856ba17df2d35764

  • SSDEEP

    768:n+4RCOQZ7Jm3vxGXeaW4aNSJe1qXa6nmqCbeuglvV:YOQBJmUOaBCSjXa6nS6uuV

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      d72e0090674786faa67a43c46fd535bfbb08a0ade84ccc542ec96478d7845403.elf

    • Size

      64KB

    • MD5

      2a597a99ccc6078fe27f63d34d4535f2

    • SHA1

      666934dc3f33bee267b2c1ed28792c063c76b28c

    • SHA256

      d72e0090674786faa67a43c46fd535bfbb08a0ade84ccc542ec96478d7845403

    • SHA512

      17d4f786f7ffe5005735995775722d169a497f68d529f23ccf64a8515b53806cb3f479dd2e8d0938b3a58430885863b8186f53f20976d94b116e985dc803abd6

    • SSDEEP

      1536:f3nA8EZjpQOO60NjqSMT11xKbSZYuE53qBGYI6ZEOit/zIi:YB5tX0bSZbEF+87

    Score
    7/10
    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks