mirai | dd069eab28303d5fe6a6a9f8567ba883f5896a082009fc80e483d5d3a799d7f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd069eab28303d5fe6a6a9f8567ba883f5896a082009fc80e483d5d3a799d7f3.elf
Size

93KB
Sample

240822-m6sgystcma
MD5

1ae3918d68c66555b0c2785f5e1d1ed1
SHA1

3bf2ac45e61c66b4c72e0339cfcaf9d219a66b88
SHA256

dd069eab28303d5fe6a6a9f8567ba883f5896a082009fc80e483d5d3a799d7f3
SHA512

fc72379d1e18fef5b723b37a9cfe629da59c5755fe09a6d42b530cb3750048523c9cbc9fe1ec8b891c78e405d847205510b01160ede651124c4ea9dc3b639518
SSDEEP

1536:DjHhNu9jc8zdh3KGSMUMjcutjwaVxMnFu3IuRObHpB99DhIrnkv:PHhg9jc8P69NqcudBV6nFu3TRaJ/v

Score

10^/10

mirai botnet linux rootkit

Malware Config

Extracted

Family

mirai

C2

secure.microsoftconnect.net

binary.microsoftconnect.net

mysql.microsoftconnect.net

Targets

- Target
  
  dd069eab28303d5fe6a6a9f8567ba883f5896a082009fc80e483d5d3a799d7f3.elf
- Size
  
  93KB
- MD5
  
  1ae3918d68c66555b0c2785f5e1d1ed1
- SHA1
  
  3bf2ac45e61c66b4c72e0339cfcaf9d219a66b88
- SHA256
  
  dd069eab28303d5fe6a6a9f8567ba883f5896a082009fc80e483d5d3a799d7f3
- SHA512
  
  fc72379d1e18fef5b723b37a9cfe629da59c5755fe09a6d42b530cb3750048523c9cbc9fe1ec8b891c78e405d847205510b01160ede651124c4ea9dc3b639518
- SSDEEP
  
  1536:DjHhNu9jc8zdh3KGSMUMjcutjwaVxMnFu3IuRObHpB99DhIrnkv:PHhg9jc8P69NqcudBV6nFu3TRaJ/v
Score

10^/10

mirai botnet rootkit
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Write file to user bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetrootkit