mirai | 4a6fc30b27777fc8e5cf421e86425ae526fc31410e0c07db2e27371d26f77fab | Triage

Submit
Reports

Overview

overview

Static

static

5

730859ff16...95.elf

debian-9-armhf

Sharing

General

Target

7324dbeb098c782561c906ebab3ee1ea.bin
Size

57KB
Sample

241018-bvh9csybje
MD5

be74702e5699fc43420ad5b9b39c34c3
SHA1

a1ae8e6200b8251647784578a4e899167224c290
SHA256

4a6fc30b27777fc8e5cf421e86425ae526fc31410e0c07db2e27371d26f77fab
SHA512

b1e593a4dc0de002b11e27a0214fd1cc387138e824caa8b2d55604b14229c5aa53ebb8661b177ef4acd0d72c895b1a20255681dead783633a6ba39da003ef3fc
SSDEEP

1536:9RZSJDp2O5Egtr+Bl8smftHjLZRzcJVU008mJQ3nDFK0rq:QJt2O5Egtr+BOskpRzcDXrmJQ3nDFK0O

Score

10^/10

mirai unstable botnet defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

730859ff16c34d990ddd18509a1a3c22a9b582944fc68e6411f9895b79239895.elf

Resource

debian9-armhf-20240418-en

mirai unstable botnet defense_evasion discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  730859ff16c34d990ddd18509a1a3c22a9b582944fc68e6411f9895b79239895.elf
- Size
  
  58KB
- MD5
  
  7324dbeb098c782561c906ebab3ee1ea
- SHA1
  
  e6f5ea8561a51cd096aeb2e10a98e17199e399f8
- SHA256
  
  730859ff16c34d990ddd18509a1a3c22a9b582944fc68e6411f9895b79239895
- SHA512
  
  c5f519317a58b39d44af0c137a1f3cc8634a1306602e210f342e560ac68fba3fef05628b1058617e0673e104a1d06da98a74f2ac0817830146a0f955a5474f4d
- SSDEEP
  
  1536:gbxVDNur8IDoG2zHn0kRCjsLvPVo1PpLN7GAfR9IM3/csZze/J:mxduDSntRqsry1Pr7GAsO0s0/J
Score

10^/10

mirai unstable botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (229916) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdefense_evasiondiscovery

© 2018-2025

Terms | Privacy