General

  • Target

    cd1268c5152cc51f4d978f8616d7149175b7bb6f231a38ff8543f41f5de552b0.elf

  • Size

    114KB

  • Sample

    241204-dwwxysvlgk

  • MD5

    0b7cc02ae3cbb3612d762ec91eff75b6

  • SHA1

    9d355d2c9257deec9f734d504051bb821dde1c2c

  • SHA256

    cd1268c5152cc51f4d978f8616d7149175b7bb6f231a38ff8543f41f5de552b0

  • SHA512

    e762bd509477e43a1a4ee4d76a9977015d17bd737ed10f449af9f8c65be14c9eb48f8bf7a556b66f8227a38a8fbfac85af1ce9a9224981268041e22d9b6e1461

  • SSDEEP

    3072:+0f4VOiwnsrDpX4zXrtFxzyzsgD/hj+Q:34VOiwnsrDpX4zXoxqQ

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    UNSTABLE

Targets

    • Contacts a large (75234) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder
