General

  • Target

    8058da0d183d9cc558e2df8e74659b3723533a93aeda1ec2097ffed000dd8421.elf

  • Size

    133KB

  • Sample

    241114-c7hc9stdjk

  • MD5

    3655f1ea2c9ed0d5becc0bdb9b4e71db

  • SHA1

    385a0af544d89e091256dee4c630bfc0c3dc421c

  • SHA256

    8058da0d183d9cc558e2df8e74659b3723533a93aeda1ec2097ffed000dd8421

  • SHA512

    e9f2ba6639c6f042bc2a95710ed065c982e1798d20c8da5af42d4ca4203416a622743ee739f0405c34b8e408798d6a3bc9522adf5d307f7afcc00db3e3caccb9

  • SSDEEP

    3072:Jn5dyK5YZjJuyT8w1+eRY3JhIdl6fR/wM/9fq8I:VyUYZtuS8w1+eK5hffRoM/9C8I

Malware Config

Extracted

Family

mirai

C2

193.84.71.119

Targets

    • Target

      8058da0d183d9cc558e2df8e74659b3723533a93aeda1ec2097ffed000dd8421.elf

    • Size

      133KB

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
