mirai | 5a1257b3e863798fd601414bfe267e46db1b755eaa471818bd204c0b9efa6228 | Triage

Submit
Reports

Overview

overview

Static

static

5

h0r0zx00x.x86.elf

ubuntu-18.04-amd64

Sharing

General

Target

h0r0zx00x.x86.elf
Size

30KB
Sample

241106-q8849stmdk
MD5

d8fb6401cc65babe5175807a3f63ff14
SHA1

9194baed313ee944ef92a86a4311d963b1e56728
SHA256

5a1257b3e863798fd601414bfe267e46db1b755eaa471818bd204c0b9efa6228
SHA512

12438a96710084995dea8a225f88c863f28687520b45e9f37a73b4f5af5c2577560b637b0f0be3ece24ba6a376557b8c1a1e26fe77314735ac17801a964b0320
SSDEEP

768:Dq3ydi2rg98FdmvPyQw7NAFkcEfdhpJJLTsiLetyS33UXn68FqK6:siFdmvPgA2cEfdhxLYiFvXnW9

Score

10^/10

mirai unstable botnet defense_evasion discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

h0r0zx00x.x86.elf

Resource

ubuntu1804-amd64-20240611-en

mirai unstable botnet defense_evasion discovery

ubuntu-18.04-amd64

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  h0r0zx00x.x86.elf
- Size
  
  30KB
- MD5
  
  d8fb6401cc65babe5175807a3f63ff14
- SHA1
  
  9194baed313ee944ef92a86a4311d963b1e56728
- SHA256
  
  5a1257b3e863798fd601414bfe267e46db1b755eaa471818bd204c0b9efa6228
- SHA512
  
  12438a96710084995dea8a225f88c863f28687520b45e9f37a73b4f5af5c2577560b637b0f0be3ece24ba6a376557b8c1a1e26fe77314735ac17801a964b0320
- SSDEEP
  
  768:Dq3ydi2rg98FdmvPyQw7NAFkcEfdhpJJLTsiLetyS33UXn68FqK6:siFdmvPgA2cEfdhxLYiFvXnW9
Score

10^/10

mirai unstable botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (152889) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdefense_evasiondiscovery

© 2018-2024

Terms | Privacy