General

  • Target

    x86.elf

  • Size

    93KB

  • Sample

    241027-hxmswstkgw

  • MD5

    bb9275394716c60d1941432c7085ca13

  • SHA1

    43f6e51ca69e70abb7d6cfd7f11f15df3fcc97cc

  • SHA256

    3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615

  • SHA512

    047ec8451a8d35ac67c7ff26e145cfe5536d94ef1a7d280d2e70dc4c3ed7dfd1386a957e1b76f50c10429774df02964d48d50d6bb8debc2c9a3bcced833b125d

  • SSDEEP

    1536:lDVOLhrwmN92XVNbMxvk2bB3n2GNR9maOY7h8RGEhXXBP:9VO9v4vbMxvkEB3VNR9u4h8RGaxP

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      x86.elf

    • Size

      93KB

    • MD5

      bb9275394716c60d1941432c7085ca13

    • SHA1

      43f6e51ca69e70abb7d6cfd7f11f15df3fcc97cc

    • SHA256

      3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615

    • SHA512

      047ec8451a8d35ac67c7ff26e145cfe5536d94ef1a7d280d2e70dc4c3ed7dfd1386a957e1b76f50c10429774df02964d48d50d6bb8debc2c9a3bcced833b125d

    • SSDEEP

      1536:lDVOLhrwmN92XVNbMxvk2bB3n2GNR9maOY7h8RGEhXXBP:9VO9v4vbMxvkEB3VNR9u4h8RGaxP

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15