General

  • Target

    aef80e5f4130350747f75619b2a9bd5b.elf

  • Size

    30KB

  • Sample

    240802-lggtgsyfng

  • MD5

    aef80e5f4130350747f75619b2a9bd5b

  • SHA1

    ade320c3c5858db1cde044f0b589c85d967eed00

  • SHA256

    64c6ccffcdb9a1e7daafc42c332f1ece3ada2ca8aba7ec5a06e81ee551122492

  • SHA512

    cceacc4c6ad4400e84b1cb1d0d456b9054024ace7a1e6f0260b2f40436dc47b2361ac2cad8195afc2779a1496e78f3ba3d16c79eef0d123feda6c5b48a944584

  • SSDEEP

    768:vOZUS+ldEfeM3lV7yyIQ6GY82uX2H0waBEKlqs3Uozv:v7S+ldofV2nbarnzv

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      aef80e5f4130350747f75619b2a9bd5b.elf

    • Size

      30KB

    • MD5

      aef80e5f4130350747f75619b2a9bd5b

    • SHA1

      ade320c3c5858db1cde044f0b589c85d967eed00

    • SHA256

      64c6ccffcdb9a1e7daafc42c332f1ece3ada2ca8aba7ec5a06e81ee551122492

    • SHA512

      cceacc4c6ad4400e84b1cb1d0d456b9054024ace7a1e6f0260b2f40436dc47b2361ac2cad8195afc2779a1496e78f3ba3d16c79eef0d123feda6c5b48a944584

    • SSDEEP

      768:vOZUS+ldEfeM3lV7yyIQ6GY82uX2H0waBEKlqs3Uozv:v7S+ldofV2nbarnzv

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (19769) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks