General

  • Target

    arm7.nn.elf

  • Size

    157KB

  • Sample

    240905-v6kq4swhlh

  • MD5

    9fe44e38f31dfc22fc37f8f4b0ad665b

  • SHA1

    003f2be0ac848c14527ec7b555e6517b8099c152

  • SHA256

    463cd5a52848c54f9c7736f71dc0fa2e2e117e14798cbfd7d7ca4f0ab32e9a8d

  • SHA512

    231d8d66523de1e9b3f41630e869a721f66a916ecf5fecd763108407d89fd885bc12a68b7efdf668cfd9d2989c6c9a1de5bd07fb313427a2fe2760aeb8720baa

  • SSDEEP

    3072:hkDdGanTaRJKm7GiSAubGkU58hsugq3VXM/9//mAwYhDNc:hkDhnTaRJKm7GiGbGmKugq35M/9XmAwZ

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      arm7.nn.elf

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Modifies init.d

      Adds or modifies a system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.
