mirai | 19db89952df90d8bb150ef0813cf9732643cc6d6a23fe765d487828d10396360 | Triage

Sharing

General

Target

jew.arm7.elf
Size

133KB
Sample

241206-qjdxtsyqey
MD5

e108df642891abdfa0d4aeed0168986c
SHA1

42d39a845a8ffa441f2f170057823ab439d2c805
SHA256

19db89952df90d8bb150ef0813cf9732643cc6d6a23fe765d487828d10396360
SHA512

718ac35251ee90d8b32951fe49d540e148f501d151d54edf9dad15363c0e1f8bace7811a5d46305935610626ccfe54cdd59e3cee52633880db7a2a41a262c297
SSDEEP

3072:5KacBqVuJVkW5IOPZoxNOqMP0wctzHn/PF+84/M/92L18Yj:kacBQuJVkW5IOaxNOqMPVo7F+8MM/9Zc

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.arm7.elf
- Size
  
  133KB
- MD5
  
  e108df642891abdfa0d4aeed0168986c
- SHA1
  
  42d39a845a8ffa441f2f170057823ab439d2c805
- SHA256
  
  19db89952df90d8bb150ef0813cf9732643cc6d6a23fe765d487828d10396360
- SHA512
  
  718ac35251ee90d8b32951fe49d540e148f501d151d54edf9dad15363c0e1f8bace7811a5d46305935610626ccfe54cdd59e3cee52633880db7a2a41a262c297
- SSDEEP
  
  3072:5KacBqVuJVkW5IOPZoxNOqMP0wctzHn/PF+84/M/92L18Yj:kacBQuJVkW5IOaxNOqMPVo7F+8MM/9Zc
Score

9^/10

defense_evasion discovery
- Contacts a large (116584) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery