General

  • Target

    991eb0bf723fb0bb950547e2ba9478b05b5542a161296e259caa0c9b76c43ebc.elf

  • Size

    131KB

  • Sample

    241114-dbkdestdmb

  • MD5

    a540f6155293872e718c739ab62c986d

  • SHA1

    ee57f1547c5bad3168ff42d2253a4437c40fcc7d

  • SHA256

    991eb0bf723fb0bb950547e2ba9478b05b5542a161296e259caa0c9b76c43ebc

  • SHA512

    f8938ee84ca093c21c84b4479771779ce0294842f93b052d0e0c8eb4b9b37058dd6f0ba300945fade5b8f3665bd0088bc015598349bf50cb496b68eb675f02b0

  • SSDEEP

    3072:cn8IgyDx2d5ktT8w1+eRY3JhIdlkfrTCM/9o1S:48Ax2Tkh8w1+eK5hJfreM/9o1S

Malware Config

Extracted

Family

mirai

C2

193.84.71.119

Targets

    • Target

      991eb0bf723fb0bb950547e2ba9478b05b5542a161296e259caa0c9b76c43ebc.elf

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
