mirai | e9df1759f023229a8c51a7b2a095691e4efc180cd86468fa469c00a8fe525da2 | Triage

Submit
Reports

Overview

overview

Static

static

5

ed04f35cc6...f5.elf

debian-9-armhf

Sharing

General

Target

b478298246ee6d313f4f576d0f7ec4cd.bin
Size

33KB
Sample

241018-b6tt8sscmp
MD5

47406f5e195568b93f3eb6987b6e7880
SHA1

528ae20342fd96f4c07cb99fc68aca8fe616c082
SHA256

e9df1759f023229a8c51a7b2a095691e4efc180cd86468fa469c00a8fe525da2
SHA512

05ddb11a563d0ef5765e04a551d5befcd07e13032f12e4587ca6e8e0bab056da18f2af599fc1ca43db285ba9d9a58ed657e47d10ec60cd4129515130aa1beb0a
SSDEEP

768:x3bbBhSVdTmP8ybOpjxm3t6DVovlQ1yzsg:xvBhSTmMjW6DVoNWyzr

Score

10^/10

mirai unstable botnet defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ed04f35cc6c4bef7ea8bf398436da916ebfab2490c10bd1d59df70f648e80df5.elf

Resource

debian9-armhf-20240729-en

mirai unstable botnet defense_evasion discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  ed04f35cc6c4bef7ea8bf398436da916ebfab2490c10bd1d59df70f648e80df5.elf
- Size
  
  34KB
- MD5
  
  b478298246ee6d313f4f576d0f7ec4cd
- SHA1
  
  94d25c6d4cfb1e218120d378d14c8d5ab868363b
- SHA256
  
  ed04f35cc6c4bef7ea8bf398436da916ebfab2490c10bd1d59df70f648e80df5
- SHA512
  
  83f67116e5c7074dcfa0e98d94697a0db2bdcaed15060aa31ed6a20eb543fd1d10d8fe26856178f78cc7402531de358e4b6c1d294086b18ab891d23954e78307
- SSDEEP
  
  768:8/vcATF+a7EZA9+gerPrHJQs/NimnSxSNTud0Cb6d0zJskDM3U6s:Kvcod7J9v81kmSOCmdmOkws
Score

10^/10

mirai unstable botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (214864) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdefense_evasiondiscovery

© 2018-2025

Terms | Privacy