mirai | 9e114679428b0fafe8bf9fd08feaf8104bb7d0181ded6f657424de04825f97f4 | Triage

Sharing

General

Target

zmap.x86.elf
Size

61KB
Sample

241204-xgdbvawjey
MD5

e50ce78e35279682d08fe9fc0644e8b3
SHA1

69177219d343662bc91cee92e79dabf9a0b04701
SHA256

9e114679428b0fafe8bf9fd08feaf8104bb7d0181ded6f657424de04825f97f4
SHA512

c99b90d3067aa8141a2ee7d3784c5d9550bca5ca13fd21e3f0ef918ea0c95f8661908aa041727f90d2f36d266ee16a3f1ea829963d96f8e6a9768035b7806927
SSDEEP

1536:kRGfyD5eG8M94cecUDelIv5TTRal9GfUw4v4COupnWl:kMaD5eG8M92KgTTRaf8Z4AxKnk

Score

10^/10

mirai unstable defense_evasion linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

server.meal-data.com

ssca.meal-data.com

Targets

- Target
  
  zmap.x86.elf
- Size
  
  61KB
- MD5
  
  e50ce78e35279682d08fe9fc0644e8b3
- SHA1
  
  69177219d343662bc91cee92e79dabf9a0b04701
- SHA256
  
  9e114679428b0fafe8bf9fd08feaf8104bb7d0181ded6f657424de04825f97f4
- SHA512
  
  c99b90d3067aa8141a2ee7d3784c5d9550bca5ca13fd21e3f0ef918ea0c95f8661908aa041727f90d2f36d266ee16a3f1ea829963d96f8e6a9768035b7806927
- SSDEEP
  
  1536:kRGfyD5eG8M94cecUDelIv5TTRal9GfUw4v4COupnWl:kMaD5eG8M92KgTTRaf8Z4AxKnk
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion