General

  • Target

    fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf

  • Size

    60KB

  • Sample

    241114-dw24zaxnbr

  • MD5

    63397dcf17213f2327eb8a8ba88dda49

  • SHA1

    573fb58fd64c5b07995e53c18970be3ce700a216

  • SHA256

    fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934

  • SHA512

    c7b4d68c17b91555eccbd095247352652bedc0a933608aa42f97a078e49cddb4400d437c9fa00d5baa4da4d2b7fcbd438065dd2c32861c48208e0f89d00f4c46

  • SSDEEP

    1536:rYq/tQXOs78451mFB9crC6gseWmsgfzsQvWbuuPXN:FVns788oFjcO6grLsQvNuPX

Malware Config

Extracted

Family

mirai

C2

193.84.71.119

Targets

    • Target

      fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934.elf

    • Size

      60KB

    • MD5

      63397dcf17213f2327eb8a8ba88dda49

    • SHA1

      573fb58fd64c5b07995e53c18970be3ce700a216

    • SHA256

      fe6a2bf17e5bd0d64a83b6f521d04bca8651bd97ac1085255b9ef9ec142f5934

    • SHA512

      c7b4d68c17b91555eccbd095247352652bedc0a933608aa42f97a078e49cddb4400d437c9fa00d5baa4da4d2b7fcbd438065dd2c32861c48208e0f89d00f4c46

    • SSDEEP

      1536:rYq/tQXOs78451mFB9crC6gseWmsgfzsQvWbuuPXN:FVns788oFjcO6grLsQvNuPX

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks