mirai | d1aee5147b3506a4b5dc0d84a88ac3e861176a800b2f52c8f5dacc7b5018231a | Triage

Sharing

General

Target

mpsl.elf
Size

34KB
Sample

241023-nlh88axdmb
MD5

ec40a6b2fe9467fb5844b445249150c4
SHA1

2616c332b8e7e21e87c210843cb48393bc90491b
SHA256

d1aee5147b3506a4b5dc0d84a88ac3e861176a800b2f52c8f5dacc7b5018231a
SHA512

6b48bd0a69553a6cca64cdefefc7fa003f52c2fbcba9d8a2780deeae2f161d93a085ec2037876716d03ff69a5253ee4f6fc104190396c0d033f1725359532e7d
SSDEEP

384:nauF8EqJxvu1I6OYt1gFcOL6bK+03Egf4kcucx8ExW86CDPMh3/bdAgo9FztqHtU:JF8Eq2HI/LqK+03qkctK3zdA/IHcUAWE

Score

10^/10

mirai unstable botnet defense_evasion upx

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

jinhj.stressamp.com

rgvsf.stressamp.com

Targets

- Target
  
  mpsl.elf
- Size
  
  34KB
- MD5
  
  ec40a6b2fe9467fb5844b445249150c4
- SHA1
  
  2616c332b8e7e21e87c210843cb48393bc90491b
- SHA256
  
  d1aee5147b3506a4b5dc0d84a88ac3e861176a800b2f52c8f5dacc7b5018231a
- SHA512
  
  6b48bd0a69553a6cca64cdefefc7fa003f52c2fbcba9d8a2780deeae2f161d93a085ec2037876716d03ff69a5253ee4f6fc104190396c0d033f1725359532e7d
- SSDEEP
  
  384:nauF8EqJxvu1I6OYt1gFcOL6bK+03Egf4kcucx8ExW86CDPMh3/bdAgo9FztqHtU:JF8Eq2HI/LqK+03qkctK3zdA/IHcUAWE
Score

10^/10

mirai unstable botnet defense_evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdefense_evasion