mirai | 32eb792d457b885242edbc9fab22d9376692cc5aaa260f8237e6367c63f90967 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

botx.mips.elf
Size

112KB
Sample

240630-wwfj3ssalf
MD5

9bff3f780ff1a7bf65981a9a933978ee
SHA1

ecd357fb0fe7129f48d030dfb54172f8251523c1
SHA256

32eb792d457b885242edbc9fab22d9376692cc5aaa260f8237e6367c63f90967
SHA512

84aad9090d889d29f9582cd90e84dfd07a818fcdb4bb278e8d105a65e772e5bc931a7a77dab0c28545dd792fee16a83cc61b43d8127a0d9deb1e00314999159f
SSDEEP

3072:9Po79yzckFqB5hrtr5OKiv/u4e14fmqBemEz:9Po7EzcVB5hrZQB24jfmqBemEz

Score

10^/10

mirai condi discovery

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

report.condinet.cf

Targets

- Target
  
  botx.mips.elf
- Size
  
  112KB
- MD5
  
  9bff3f780ff1a7bf65981a9a933978ee
- SHA1
  
  ecd357fb0fe7129f48d030dfb54172f8251523c1
- SHA256
  
  32eb792d457b885242edbc9fab22d9376692cc5aaa260f8237e6367c63f90967
- SHA512
  
  84aad9090d889d29f9582cd90e84dfd07a818fcdb4bb278e8d105a65e772e5bc931a7a77dab0c28545dd792fee16a83cc61b43d8127a0d9deb1e00314999159f
- SSDEEP
  
  3072:9Po79yzckFqB5hrtr5OKiv/u4e14fmqBemEz:9Po7EzcVB5hrZQB24jfmqBemEz
Score

9^/10

discovery
- Contacts a large (39148) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1