General

  • Target

    3ae258f1c4855a11e0a21e8d63dcf69f.elf

  • Size

    34KB

  • Sample

    241012-zl1daa1akc

  • MD5

    3ae258f1c4855a11e0a21e8d63dcf69f

  • SHA1

    7c1bec498bbd9948782b1fe1752fab73f51eea81

  • SHA256

    fdfb62667a735e470431ef539115b3af0c5fc9cff2ba7d8ff519c40b1a07ab11

  • SHA512

    5f9e9f6471115b6260a6a75ab694ec3eca53b40537c5653d4eb63593648e416601e868742f4c49266adf518189f7db2333d3b5f78f0d81fc81b150f4d989cfda

  • SSDEEP

    768:TdSc/lBMfEnujNo0JqMA3NWBp3MW2k0NrBMqEI/WZ6n/:TvlBMfnZo0JDAdWB6W2bNrBMpI/WQ/

Malware Config

Extracted

Family

mirai

C2

bot.merisprivate.net

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (8194) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Writes file to system bin folder
