General

  • Target

    botnet.arm7.elf

  • Size

    61KB

  • Sample

    241110-rey8ms1pbr

  • MD5

    6fb2d4fb0836acd474f054fce5b6dffb

  • SHA1

    a5c21d71e635cd35610d33ed8bed3ac98df98e29

  • SHA256

    25587577619684afb443b3c5bd709ece4ddb012769572e76d715641e043c875b

  • SHA512

    ef67a5a7c9323b5c63bee9091b5c57b69b4ecd11aa35d531fb22cc51b8bbdbd895f8bc80fcc9c3cd56d222cb9136de8618f634848b3700e08bb2883b70cfd162

  • SSDEEP

    1536:7z3f9F/+WyFWXR2hyMhqMe9yCdCiMNRp13D0SOj5fic:neFo2h5hNe9yCdJMXylic

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    MIRAI

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large number (23832) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

MITRE ATT&CK Enterprise v15
