General

  • Target

    6b070f94b644316ea982ea71b8f22486.bin

  • Size

    67KB

  • Sample

    240903-bqbnqasgpr

  • MD5

    09ef421f5418dc4eeba30ffac928076d

  • SHA1

    680705d36e0feee82634c0ec6e90d8e8bf86da30

  • SHA256

    41cbd11014a4bc8dc329d38bd8d6df5f081b003061fd82cc7023f82c563bef2f

  • SHA512

    7527523c70b1363530654104d1304bef1f1c82638573c3749b3c004d77b3fc37d6c81e8306beb0917d2b49f306dcb57c330855ea4ad5e2bbf0615eb51d38f672

  • SSDEEP

    768:4Jg51oJwP7zrCGQGdqIGi0PTYYwUKIEOxP2MRRFsHior9jJ9bmEkTVtZHL7KJyED:V51oOPH8IGi0POLerEF/vuHM2eWN3hY

Targets

    • Target

      1c46b788cd21053d730f5ea5c186d6e4f23aa62baf307003f0cd739914e4cb07.elf

    • Size

      133KB

    • MD5

      6b070f94b644316ea982ea71b8f22486

    • SHA1

      cdc58cdab08c05e592f0dcc231db7e54aa141753

    • SHA256

      1c46b788cd21053d730f5ea5c186d6e4f23aa62baf307003f0cd739914e4cb07

    • SHA512

      77de3f95f85322fc91c0740c0fc8193aeca1a47854817e423b6d19ffe30d8ba6bf6b2f37338520965baee27343270ceb71326eb3b5455de1625eca18f1b2dd32

    • SSDEEP

      3072:I60j1PPFurocpgwS2GWddcaz9nkBZla1KfBZcqVgqWImte:Ihj1X4TGWbcaz9nkBZ04fDV9W9te

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (46274) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Writes file to system bin folder
