General

  • Target

    95ff28a79fde2699c4e958a402805046.elf

  • Size

    29KB

  • Sample

    240802-lcgmxstgmm

  • MD5

    95ff28a79fde2699c4e958a402805046

  • SHA1

    79ccdc94a94ad5b049429ce24d39b2de2687d40e

  • SHA256

    17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3

  • SHA512

    322faef0ade53e48a17a5b106be2c8f27c5804b5fcf0c3c07eabfcf99d88cb2b7364d521ff0c91d674569a379ec91596b4563132deb045639ed5d9a2773fa28b

  • SSDEEP

    768:mH4U61C/tREq04B3zEVZ7E/WCI5ujy0Hm5ESEPgD7nbcuyD7UHQRjX:m9wsEX4B3I37SPjLHm5Els7nouy8HyL

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      95ff28a79fde2699c4e958a402805046.elf

    • Size

      29KB

    • MD5

      95ff28a79fde2699c4e958a402805046

    • SHA1

      79ccdc94a94ad5b049429ce24d39b2de2687d40e

    • SHA256

      17249c1c3b937ce94a977a060bb004cfd7bc48d7b86dc9a05be2fdd9f2c384c3

    • SHA512

      322faef0ade53e48a17a5b106be2c8f27c5804b5fcf0c3c07eabfcf99d88cb2b7364d521ff0c91d674569a379ec91596b4563132deb045639ed5d9a2773fa28b

    • SSDEEP

      768:mH4U61C/tREq04B3zEVZ7E/WCI5ujy0Hm5ESEPgD7nbcuyD7UHQRjX:m9wsEX4B3I37SPjLHm5Els7nouy8HyL

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20477) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks