mirai | 324f57878b778a67a8a8fb8bbb651411b54042331bf9b22fb692252f1772ed8f | Triage

Sharing

General

Target

zmap.x86.elf
Size

61KB
Sample

241101-ran7wazkhw
MD5

f7505a8b058281835546dd4549fe7dbc
SHA1

5725793206d387662d9dbbc6649bd63dea8929bd
SHA256

324f57878b778a67a8a8fb8bbb651411b54042331bf9b22fb692252f1772ed8f
SHA512

f07626f3aa0103d417bc3cb4ef60133066d463ade98ba486bd706c54df0a428f27023f5e737abc5214f79026ce39fd91966a65cafb604b0a342b379c2dc7f8db
SSDEEP

1536:1BGfyT5OGMMt4cesUTeFIv5TzHhS3cgodIjOepn2C:1caT5OGMMtmaATzBS3Ro2Kanr

Score

10^/10

mirai unstable defense_evasion linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

server.dico-inside.com

Targets

- Target
  
  zmap.x86.elf
- Size
  
  61KB
- MD5
  
  f7505a8b058281835546dd4549fe7dbc
- SHA1
  
  5725793206d387662d9dbbc6649bd63dea8929bd
- SHA256
  
  324f57878b778a67a8a8fb8bbb651411b54042331bf9b22fb692252f1772ed8f
- SHA512
  
  f07626f3aa0103d417bc3cb4ef60133066d463ade98ba486bd706c54df0a428f27023f5e737abc5214f79026ce39fd91966a65cafb604b0a342b379c2dc7f8db
- SSDEEP
  
  1536:1BGfyT5OGMMt4cesUTeFIv5TzHhS3cgodIjOepn2C:1caT5OGMMtmaATzBS3Ro2Kanr
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion