mirai | 4a6596028c781e73e24157ca252361eaae4be9307ad98c34586880b48b7d9df8 | Triage

Sharing

General

Target

zmap.arm7.elf
Size

152KB
Sample

241101-q9h98ssqbm
MD5

229acf7569130751dd54b01eb3804958
SHA1

7885cfb3f6bb30be8c87ffc365527c31b5e86649
SHA256

4a6596028c781e73e24157ca252361eaae4be9307ad98c34586880b48b7d9df8
SHA512

00edb3c2b6fe3874487ac82f83cf7d1a33e3b18512bbb7cdc36a6fc7640971c459b2874d254a6db65cca19d6e222170bdd7275283005bb4269a80c3dac4d890b
SSDEEP

3072:gXNsG9xNku05aoanAE+zRzHnbNc57VMzLLSO4PFM/9h7TBA:gXNsiEudoanL+zRzHbNyoLS7dM/9Zy

Score

10^/10

mirai unstable defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  zmap.arm7.elf
- Size
  
  152KB
- MD5
  
  229acf7569130751dd54b01eb3804958
- SHA1
  
  7885cfb3f6bb30be8c87ffc365527c31b5e86649
- SHA256
  
  4a6596028c781e73e24157ca252361eaae4be9307ad98c34586880b48b7d9df8
- SHA512
  
  00edb3c2b6fe3874487ac82f83cf7d1a33e3b18512bbb7cdc36a6fc7640971c459b2874d254a6db65cca19d6e222170bdd7275283005bb4269a80c3dac4d890b
- SSDEEP
  
  3072:gXNsG9xNku05aoanAE+zRzHnbNc57VMzLLSO4PFM/9h7TBA:gXNsiEudoanL+zRzHbNyoLS7dM/9Zy
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion