General

  • Target

    teste.arm5.elf

  • Size

    146KB

  • Sample

    241203-3yz5ts1lbs

  • MD5

    8c6cf977dfe4b14508fa67b7c5494270

  • SHA1

    e9a8ea9c88221b191a0141aa0c338c0b6de19dbc

  • SHA256

    738591dfc24cbf92f0054effab5a780f5b30c3f1bc05ab017004e484294949a2

  • SHA512

    53697c3a291cd3a07e84990b274dbe05a4d738377d675489d2511cac6debeb0d2cf32f05041ec8f4c1abec1c6cec2ecba42c2c254c188d59dc63edbce5904aed

  • SSDEEP

    3072:Xepl+0j1qNh7kpRaN4p7JGxrCJ2GKHWAy:XeplNUh7KwN4poxOQG4WZ

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    UNSTABLE

Targets

    • Target

      teste.arm5.elf

    • Contacts a large (69087) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder
