mirai | 2b388a77fc944aa9aef86966a4d208093fd1da3af93ad964cc27a65580ccc7a2 | Triage

Submit
Reports

Overview

overview

Static

static

ea34be57e2...62.elf

debian-12-mipsel

9

Sharing

General

Target

2b388a77fc944aa9aef86966a4d208093fd1da3af93ad964cc27a65580ccc7a2
Size

48KB
Sample

240728-behynasame
MD5

0ed0111b3e7c8695cec5604549a71a90
SHA1

f9883ea18338e38a04eaa6391f06f171400062ba
SHA256

2b388a77fc944aa9aef86966a4d208093fd1da3af93ad964cc27a65580ccc7a2
SHA512

40248758a4e703d0b53b23b727947795af661b860975c6904bf326be6e1c9cc1c90a81475fe7baf6d55572eea6913dd72fc2a48e8c96f3c19cbd44c9374cdc95
SSDEEP

1536:ZIPpBAPvACnkl24a7LqQR+U0cfGqFks5gto:ZIxBAgTLa7GQ+XqOG

Score

10^/10

mirai botnet discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62.elf

Resource

debian12-mipsel-20240418-en

discovery evasion

debian-12-mipsel

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

cyberbotne.stresse.live

Targets

- Target
  
  ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62.elf
- Size
  
  115KB
- MD5
  
  01138e39f90a5ec3392a0a72c58116b3
- SHA1
  
  8cb53b2a249ff6c25cf3870dc229a67edb7907e2
- SHA256
  
  ea34be57e26322312d30b6ec0c94fe036e9fb85aaf276e83f79ba0e6a5893c62
- SHA512
  
  8d8aaca7ad26145f55f5b87ac6e903fb381fa15f62fe5b03c6665456b8af47620a3b010155a8ae2936aa664cbdc9e63258e6549cbe4ab8def9f59e58bf667072
- SSDEEP
  
  3072:jOnMoRgStkUFSwNgN9VGUVGfBdG+ydW/:jOnyokUFM3VnE5EdW
Score

9^/10

discovery evasion
- Contacts a large (112854) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2024

Terms | Privacy