mirai | 7a1604ce41807bf2483f3c8d23239ee914c3154f0c4c573cd58bfda68715dd2a | Triage

Sharing

General

Target

a2ae553b89389d515b47660ec718cf5e.bin
Size

39KB
Sample

240630-dqg7lswgkj
MD5

5456b8a79782c41d483863c2a58dcd9a
SHA1

937edeb35c6ce1b7af0742629d40fb9eb5c47d18
SHA256

7a1604ce41807bf2483f3c8d23239ee914c3154f0c4c573cd58bfda68715dd2a
SHA512

5ff607b4540bdae996ac0540f8350b9337be444fcbc8058f3c0316f9dbdb8186117b93028cd1213e967bd9d9d361ac7e71c025a5fca550ff63b4ac3f6b83d1a9
SSDEEP

768:Hs3BmSYI/k2UwcM+WbnlKlrVVm4en7g5fpjnYGG6Dml1HZpEKmTx3yL:OszBO3+I0r0efFPMVZpEKmTQ

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  c28ee2f2b8e72bfe7052c290d86ebbbd7efd58d54163c81565eb0985b27b667a.elf
- Size
  
  125KB
- MD5
  
  a2ae553b89389d515b47660ec718cf5e
- SHA1
  
  c07eb050592dba7c646123942b5f0a6fd253caee
- SHA256
  
  c28ee2f2b8e72bfe7052c290d86ebbbd7efd58d54163c81565eb0985b27b667a
- SHA512
  
  16d0b23566ca9f658eff815348c14adc61286319ce196e88d2f7d2def1869bf79b15b756853811a954abf0f1ff478b26a4ade59fe8460c680491a29e7264c1e2
- SSDEEP
  
  3072:wQrGMMCztfFJsd6BFif4qB92KUe4SaROJIgrU257NPVvidlsk7Fb1lxWy:BrvztfFJsAmpcKUe4SaRO6grUhzFb1lJ
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1