mirai | 023a49b27d0b741a27487cc730e2289da4170336dc2c106db22e8fa3864d3c02 | Triage

Submit
Reports

Overview

overview

Static

static

88e66d3ffd...d1.elf

debian-12-armhf

9

Sharing

General

Target

88e66d3ffdb78ac36dec93f81f898ad1.elf
Size

153KB
Sample

240726-s4rqjawhnk
MD5

88e66d3ffdb78ac36dec93f81f898ad1
SHA1

70383254c1f54b1401ba28ca982cc08b8a8f8cc5
SHA256

023a49b27d0b741a27487cc730e2289da4170336dc2c106db22e8fa3864d3c02
SHA512

0a00edfdac538586177dedb64df0fb28421b05220ae9a050c158ccdae929fab537637aa6011909793b428c34cb8fdbd630ef2471b563b5c584a621fe14e52b3e
SSDEEP

3072:HNaEkEJoa9niU5yae9xfKqF6bBtUKKRsSY6rOYLYM/9iAn9Q:HNa09iWyae9xfKq2BifdY6rOY8M/9Z9Q

Score

10^/10

mirai botnet discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

88e66d3ffdb78ac36dec93f81f898ad1.elf

Resource

debian12-armhf-20240221-en

discovery evasion

debian-12-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

cyberbotne.stresse.live

Targets

- Target
  
  88e66d3ffdb78ac36dec93f81f898ad1.elf
- Size
  
  153KB
- MD5
  
  88e66d3ffdb78ac36dec93f81f898ad1
- SHA1
  
  70383254c1f54b1401ba28ca982cc08b8a8f8cc5
- SHA256
  
  023a49b27d0b741a27487cc730e2289da4170336dc2c106db22e8fa3864d3c02
- SHA512
  
  0a00edfdac538586177dedb64df0fb28421b05220ae9a050c158ccdae929fab537637aa6011909793b428c34cb8fdbd630ef2471b563b5c584a621fe14e52b3e
- SSDEEP
  
  3072:HNaEkEJoa9niU5yae9xfKqF6bBtUKKRsSY6rOYLYM/9iAn9Q:HNa09iWyae9xfKq2BifdY6rOY8M/9Z9Q
Score

9^/10

discovery evasion
- Contacts a large (112607) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasion

© 2018-2024

Terms | Privacy