General

  • Target

    teste.arm

  • Size

    150KB

  • Sample

    241203-zbqfbsspgx

  • MD5

    dc69acabdee7d74b1b3d04a14ace1770

  • SHA1

    25a48bbb1582d46300b168830e60327d74266ca7

  • SHA256

    cc6d518efad6da404b1ee66d42f4b8734095832ce4cade2c3f410dd51fcc26ef

  • SHA512

    6deb6dd560ac3275c997a2b84a0f46d809ca14e62dff16e1f62dc117b811fd4abf32a6c9497e2505d0069929a7f613f286292df29e724a1a0a738d3c86fcadcb

  • SSDEEP

    3072:S4ckCtTQc2mNCGOLBFb4UJvVSHpbck03Pdty:S4c3thxCGyzb4U+HRX03Pdo

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Target

      teste.arm

    • Contacts a large (11770) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks