mirai | 70b55b26bcf77734c6b382069fdc21c4a6315a5d987bc73ebd3dcbe34e9734ce | Triage

Sharing

General

Target

zmap.mpsl.elf
Size

94KB
Sample

241029-sahwjaxmdk
MD5

388d422956634aaa7056637023e4f713
SHA1

2eb5c3cc09e264debe4c050041eaa62d7b5d3fb9
SHA256

70b55b26bcf77734c6b382069fdc21c4a6315a5d987bc73ebd3dcbe34e9734ce
SHA512

55b3ec2f545691ccc17c2a5ef5ae69be28e83cd7f5f360a2484861923b64403e585169e2ec499d44a883b306bd80f1cbc48f15a0e4ad6a325a33ceaa671941e8
SSDEEP

1536:IIdgIHlIodXYtY7G7M/eNLNnCt2ZIzAFy4JZ1BV6I5W/CE:IIdgIHlIoDeLNCt2ZPFbJrYKE

Score

10^/10

mirai unstable defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  zmap.mpsl.elf
- Size
  
  94KB
- MD5
  
  388d422956634aaa7056637023e4f713
- SHA1
  
  2eb5c3cc09e264debe4c050041eaa62d7b5d3fb9
- SHA256
  
  70b55b26bcf77734c6b382069fdc21c4a6315a5d987bc73ebd3dcbe34e9734ce
- SHA512
  
  55b3ec2f545691ccc17c2a5ef5ae69be28e83cd7f5f360a2484861923b64403e585169e2ec499d44a883b306bd80f1cbc48f15a0e4ad6a325a33ceaa671941e8
- SSDEEP
  
  1536:IIdgIHlIodXYtY7G7M/eNLNnCt2ZIzAFy4JZ1BV6I5W/CE:IIdgIHlIoDeLNCt2ZPFbJrYKE
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion