General

  • Target

    miraint.mpsl.elf

  • Size

    69KB

  • Sample

    240702-e5dy6szckn

  • MD5

    f6ee7f4c0cb499b494fb87cf4c5fd229

  • SHA1

    290b3e4af244cd0c8eb5ca358247e828c340639f

  • SHA256

    93e4ec4cd498db44cb166868d00f8464d89a5bac7fcdc76115d96bdddabffdc0

  • SHA512

    0fd77e13e8a7106ed4e4b5efacc2259655d701b54fc0b77a089e54f32ae0af53ebc2e220a036970358eb75f1ff4154cb2220092e68a2223816cbea06f47001ee

  • SSDEEP

    768:CDScD5GY2naf8i2Sxt9yYExR15IP+I5vTemle5Re5bLvu35XiANe1j95E:CDSC5G9afb249FKbI5fl8RWbbyq1

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      miraint.mpsl.elf

    Score
    7/10

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
