General

  • Target

    c.mips.elf

  • Size

    61KB

  • Sample

    240821-qvphpsvarm

  • MD5

    7a15d0a0f1dc7530d532fd3ffc971a5b

  • SHA1

    dc3d2761edfca0e7600a8c144aad8e3b24960d9b

  • SHA256

    602058427dedab20c4e908e68fecbb6282fdd9f6f3060f3c146769bb021ade60

  • SHA512

    7efa4e1a48a5d8b7e0ba8a96079795a8efede00d78519b8a2bcc38b2327f2e18e922090013248443d0e3e747694d5b64d9e86999164299e0c5a4ec6a46e8b5a8

  • SSDEEP

    1536:K2ajjUZogWguhSM34CVJGXeFg3y3SVqY7eBrTrG8o5yK:K2aj427EMBVWeFg3y3SVqY7eG8oV

Malware Config

Targets

    • Target

      c.mips.elf

    • Score

      10/10

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (699084) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks