mirai | e699f761120144c9eb49cfcfff7f3154a70c91137512e4d686d4cb3dac6c9338 | Triage

Sharing

General

Target

zmap.mpsl.elf
Size

94KB
Sample

241101-rfaaxa1hnk
MD5

c8c252000819ff17743d4ec978a7f520
SHA1

dbb5106eb8dec1123d860b48b14d3d75320a9f8e
SHA256

e699f761120144c9eb49cfcfff7f3154a70c91137512e4d686d4cb3dac6c9338
SHA512

adf22bf51cabf9d769034d222593752defe0ea73fc69aee92161e96dc0aa1a731ff0ff96d6b618e1eb1b7f6967cdf691b237590f9a46dd90d08b7764b922edb9
SSDEEP

1536:IIdgIHlIodXYtZyeLM/eNLNnCt2ZIzAFy4JZ1BV6I5W/C/:IIdgIHlIoSfLNCt2ZPFbJrYK/

Score

10^/10

mirai unstable defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  zmap.mpsl.elf
- Size
  
  94KB
- MD5
  
  c8c252000819ff17743d4ec978a7f520
- SHA1
  
  dbb5106eb8dec1123d860b48b14d3d75320a9f8e
- SHA256
  
  e699f761120144c9eb49cfcfff7f3154a70c91137512e4d686d4cb3dac6c9338
- SHA512
  
  adf22bf51cabf9d769034d222593752defe0ea73fc69aee92161e96dc0aa1a731ff0ff96d6b618e1eb1b7f6967cdf691b237590f9a46dd90d08b7764b922edb9
- SSDEEP
  
  1536:IIdgIHlIodXYtZyeLM/eNLNnCt2ZIzAFy4JZ1BV6I5W/C/:IIdgIHlIoSfLNCt2ZPFbJrYK/
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion