General

  • Target

    f750374f6f367da08c054ed08076448e.bin

  • Size

    64KB

  • Sample

    241205-cdrd3ssmg1

  • MD5

    173d1406fd2aca06dac90f189da4dc79

  • SHA1

    3180f90a8110003a7473715f552306875d801f69

  • SHA256

    594bd95847af6bb3765ea34bedcef864ceab78838bf8c20e417746a05b1c5921

  • SHA512

    27db8891173d0178c97440abd13be6768eaddc3fae245f538e38717c18f7e1f7219ef163e52d7aa5a394ccc7bfb4f884222f3bb1944ac6807399916b04a02377

  • SSDEEP

    1536:4hZmZAhdG9WwUE43/7WRXl4sSSas4UCI6bz:4hSKGEwK3zcWsVPCI6f

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    UNSTABLE

Targets

    • Target

      9ce1332d12c9848dae72de7b7c38ddf170fc30d58015e376bd770c28462f9b7e.elf

    • Size

      141KB

    • MD5

      f750374f6f367da08c054ed08076448e

    • SHA1

      9a1e710abec662c9651247838b24d17ca084187f

    • SHA256

      9ce1332d12c9848dae72de7b7c38ddf170fc30d58015e376bd770c28462f9b7e

    • SHA512

      5b1d785b85d6722fde1ef7e1876808d245a5a136fdce609aba08fbac7ee628560e1fc9ed22d19cd11ddb0acf2e404d80897e7b380af0072005196b011f0f5b15

    • SSDEEP

      3072:/xAtAOnW7MmKdUZwJbxkjbzixYwi+kJQ3XFPqM/9M6kqC:/xAtAOneAkidkjbziqn+ZXFiM/94qC

    • Contacts a large (137560) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder
