mirai | 13540d307298c3fa4fd9baefbf587415b5de36fb36281fa26302534b7b91cc44 | Triage

Sharing

General

Target

926dc6a593417048b904eebdbfd89fed.bin
Size

34KB
Sample

240630-ddhydawepm
MD5

ab273e4ec891a397b5ac32a0cd676952
SHA1

243eec548d2f52b8c544b83645b4f4ee28c4a5f7
SHA256

13540d307298c3fa4fd9baefbf587415b5de36fb36281fa26302534b7b91cc44
SHA512

fe361836a0b4fad44cbf3308a943f7db3594fbb32d9d312c03c94dfa76ce0261a981e4dd129051ee73aac8ee0604b024bde6ec76b24f5d3a5748b8ada9a2f25a
SSDEEP

768:rd235K0NcNRXyC/AOu40o42YMsjjZrZ0epxNoWrEi+u/b9weU:rgNcNRXyCor4X42wRpx+gIuzml

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  019dba311a35ff6a1178fc13adb29c862cadb3241b0ecb87040596f784f597e3.elf
- Size
  
  113KB
- MD5
  
  926dc6a593417048b904eebdbfd89fed
- SHA1
  
  03d9eaa92766471d52f035f598bba0bc2f151ee2
- SHA256
  
  019dba311a35ff6a1178fc13adb29c862cadb3241b0ecb87040596f784f597e3
- SHA512
  
  1f6e0db61c631a7f643c7abbbe8dc3680506524a52b41304b305bc0b23283c35fbf703bdbf879ae8081bd7c670624b62b19d0d9c185e81715a0a8adaf98814ab
- SSDEEP
  
  3072:cjvFH+/Thnjextd8Ce0mLjZBnvgrUNfTNM63MWWcF/UFb1lmWK4:cRH+/Thjo8Ce0mLjZBnvgrUAdFb1lmWB
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1