General

  • Target

    afd2cbcc7b92686d5469db3180dea454b0036a6e3f303023bfd6c78623d268a6.elf

  • Size

    31KB

  • Sample

    240803-cegahatglg

  • MD5

    ea7b4ebc73d8fa3db98bd71cd1b29c85

  • SHA1

    2eed66b7b16d34beff238e633c129e8d0027a807

  • SHA256

    afd2cbcc7b92686d5469db3180dea454b0036a6e3f303023bfd6c78623d268a6

  • SHA512

    1a50be00747757b74c0ae5171c0761f1394b51ef0194a5d63918f08b648646df2314fd63f40f437441ad01ea0720e17e8df810ee0b8d1a185219a0febb1912b5

  • SSDEEP

    768:UmieP10RD2EnAJ2kgKNnyALwALPsq2sRmXkgW4:7pPgVnaD2ALkbHb

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      afd2cbcc7b92686d5469db3180dea454b0036a6e3f303023bfd6c78623d268a6.elf

    • Size

      31KB

    • MD5

      ea7b4ebc73d8fa3db98bd71cd1b29c85

    • SHA1

      2eed66b7b16d34beff238e633c129e8d0027a807

    • SHA256

      afd2cbcc7b92686d5469db3180dea454b0036a6e3f303023bfd6c78623d268a6

    • SHA512

      1a50be00747757b74c0ae5171c0761f1394b51ef0194a5d63918f08b648646df2314fd63f40f437441ad01ea0720e17e8df810ee0b8d1a185219a0febb1912b5

    • SSDEEP

      768:UmieP10RD2EnAJ2kgKNnyALwALPsq2sRmXkgW4:7pPgVnaD2ALkbHb

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20686) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks