mirai | 7224a9671c1ed9d53ca5f28e0b38cf9d823f818a5d1037c3d66827a8084b3db0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

154.216.17...56.elf

debian-9-armhf

9

Sharing

General

Target

154.216.17.121-arm-2024-08-28T174656.elf
Size

166KB
Sample

240903-l1n2xatdml
MD5

3bafbb502ac389aa7822800e1342943c
SHA1

a6e27d0cd9249ae956b7154eb9df1028bdb21c81
SHA256

7224a9671c1ed9d53ca5f28e0b38cf9d823f818a5d1037c3d66827a8084b3db0
SHA512

e0705cd0f88bb47a5273d9488e820cdaa14fea23bd8a93a2fe283365d51c5cfa28e3c3d33976ea0fb3c6e376cb15e9b23e3721b2a4695694ba6fe973c4c90b84
SSDEEP

3072:+CRj9TC+KIf3nTdlVKKAsF9xYasya2V5UVgy:djDRfXBz3As7xYasJk56

Score

10^/10

mirai discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

154.216.17.121-arm-2024-08-28T174656.elf

Resource

debian9-armhf-20240611-en

debian-9-armhf

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  154.216.17.121-arm-2024-08-28T174656.elf
- Size
  
  166KB
- MD5
  
  3bafbb502ac389aa7822800e1342943c
- SHA1
  
  a6e27d0cd9249ae956b7154eb9df1028bdb21c81
- SHA256
  
  7224a9671c1ed9d53ca5f28e0b38cf9d823f818a5d1037c3d66827a8084b3db0
- SHA512
  
  e0705cd0f88bb47a5273d9488e820cdaa14fea23bd8a93a2fe283365d51c5cfa28e3c3d33976ea0fb3c6e376cb15e9b23e3721b2a4695694ba6fe973c4c90b84
- SSDEEP
  
  3072:+CRj9TC+KIf3nTdlVKKAsF9xYasya2V5UVgy:djDRfXBz3As7xYasJk56
Score

9^/10

discovery
- Contacts a large (1495823) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy