mirai | ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62 | Triage

Submit
Reports

Overview

overview

Static

static

ea34be57e2...62.elf

debian-12-mipsel

9

Sharing

General

Target

ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62.elf
Size

115KB
Sample

240727-vtzz9stara
MD5

01138e39f90a5ec3392a0a72c58116b3
SHA1

8cb53b2a249ff6c25cf3870dc229a67edb7907e2
SHA256

ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62
SHA512

8d8aaca7ad26145f55f5b87ac6e903fb381fa15f62fe5b03c6665456b8af47620a3b010155a8ae2936aa664cbdc9e63258e6549cbe4ab8def9f59e58bf667072
SSDEEP

3072:jOnMoRgStkUFSwNgN9VGUVGfBdG+ydW/:jOnyokUFM3VnE5EdW

Score

10^/10

mirai botnet discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62.elf

Resource

debian12-mipsel-20240221-en

discovery evasion

debian-12-mipsel

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

cyberbotne.stresse.live

Targets

- Target
  
  ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62.elf
- Size
  
  115KB
- MD5
  
  01138e39f90a5ec3392a0a72c58116b3
- SHA1
  
  8cb53b2a249ff6c25cf3870dc229a67edb7907e2
- SHA256
  
  ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62
- SHA512
  
  8d8aaca7ad26145f55f5b87ac6e903fb381fa15f62fe5b03c6665456b8af47620a3b010155a8ae2936aa664cbdc9e63258e6549cbe4ab8def9f59e58bf667072
- SSDEEP
  
  3072:jOnMoRgStkUFSwNgN9VGUVGfBdG+ydW/:jOnyokUFM3VnE5EdW
Score

9^/10

discovery evasion
- Contacts a large (111816) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2024

Terms | Privacy