General
-
Target
3061714.bin
-
Size
249KB
-
Sample
241122-wt52ys1ngp
-
MD5
038814ff17c4e2f6e286dc858e3c3e38
-
SHA1
57b63f3ed966b91f2dbc107e87d81201c329671b
-
SHA256
3bd5be1f538f8cc195dbffd77d01e0c2509c56139a307b72d72d5bdbe2245584
-
SHA512
5225c9dd4adcaab0547e267c5f207cc89a007268a6c2fe2c3be84d94d08ca92340c3552ac4d59109721224c480cee7a4995a94d1dbe9f3a2e498cef0b1e90e87
-
SSDEEP
6144:REn8buta+6HwGQJk8a+MrZP6Ffk+figv49e/CKvVA6tnY:RNr2JxahZPl+L8eaKvVAcY
Static task
static1
Behavioral task
behavioral1
Sample
3061714.bin
Resource
debian9-armhf-20240611-en
Malware Config
Extracted
mirai
LZRD
Targets
-
Target
3061714.bin
-
Mirai family
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
Unix Shell (1)
Scheduled Task/Job (1)
Cron (1)
Persistence
Boot or Logon Autostart Execution (2)
XDG Autostart Entries (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Create or Modify System Process (1)
Systemd Service (1)
Scheduled Task/Job (1)
Cron (1)