mirai | 807b92c4d123999523d73e31df6ede55281af79cf4d1ad4328acea6d07a239c1 | Triage

Submit
Reports

Overview

overview

Static

static

8d067840ee...f2.elf

debian-9-armhf

9

Sharing

Copy URL Twitter E-mail

General

Target

807b92c4d123999523d73e31df6ede55281af79cf4d1ad4328acea6d07a239c1
Size

72KB
Sample

240829-dfqq1azhlc
MD5

931ed22fd9e450e2b90d71d4077efe53
SHA1

8e85acc1adbda6fc3ecd4a3a2a5d49503630e71c
SHA256

807b92c4d123999523d73e31df6ede55281af79cf4d1ad4328acea6d07a239c1
SHA512

03e79e6fcf17d946eab2f86262aedda8bb028b163ef8ccc2953f2cc65d502d2a7b796bff95975941c7449d670bb62467131c9cf222e8e113f6d2c73519cdb167
SSDEEP

1536:MM7BCBvPxtaSLfNf/eLa+iz90j/nz+7vAeSMYIyAmf8z3V0i4g4m7Y:MaCBPxta25emz2/z+b9Sr+m0LVog4mc

Score

10^/10

mirai botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d067840ee0530be3bdbd994504d54cdef590146db9fe2e07901b72f0ae0b0f2.elf

Resource

debian9-armhf-20240611-en

debian-9-armhf

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  8d067840ee0530be3bdbd994504d54cdef590146db9fe2e07901b72f0ae0b0f2.elf
- Size
  
  162KB
- MD5
  
  342a8451e599df45b1939b3037a3c419
- SHA1
  
  ee2ecba6f84bc51430ad37e494652280defd3867
- SHA256
  
  8d067840ee0530be3bdbd994504d54cdef590146db9fe2e07901b72f0ae0b0f2
- SHA512
  
  01affab648c42658840d370960033f1aabd554d801aeaedbb3fba51937691746da94a5e1e88b38b2752ce10a028a8605e56ac04c99304ff4618fba8bc3c763a3
- SSDEEP
  
  3072:Pfz/U2fX3b/CMEfJgAMGRQuJOjkErF3Di8VP:Xzc2KBgAMeQuJOw2F3Di+
Score

9^/10

discovery
- Contacts a large (307238) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy