mirai | c25d610eee32bedb28b991670bc77f85754fec6762eeb82dd5e467a4eaebfcb9 | Triage

Submit
Reports

Overview

overview

Static

static

main_arm.elf

debian-9-armhf

9

Sharing

General

Target

main_arm.elf
Size

49KB
Sample

241206-vr467syjew
MD5

af848b47c928f2824768a6634fd73c4f
SHA1

9f288a4124f65c4494e3b636f1363d74d74a871b
SHA256

c25d610eee32bedb28b991670bc77f85754fec6762eeb82dd5e467a4eaebfcb9
SHA512

38d7a32301bcfa19e57cc0f5c783138fb1adea56441bf7fe9001c59b6e58e36b731c6aabf9440f3f8d8e7d28bd73895f23c75fd1d60071ce86e2cc718f9dde5f
SSDEEP

768:vjXxB/BUuYxob0LZ5/Dah1mTY2xb6f3gPseN9MCN69rGLPehUD/hyB06adURR5Pc:bxB/SDXDaUMeNqCcMLg65oNIF

Score

10^/10

mirai sora defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

main_arm.elf

Resource

debian9-armhf-20240611-en

defense_evasion discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  main_arm.elf
- Size
  
  49KB
- MD5
  
  af848b47c928f2824768a6634fd73c4f
- SHA1
  
  9f288a4124f65c4494e3b636f1363d74d74a871b
- SHA256
  
  c25d610eee32bedb28b991670bc77f85754fec6762eeb82dd5e467a4eaebfcb9
- SHA512
  
  38d7a32301bcfa19e57cc0f5c783138fb1adea56441bf7fe9001c59b6e58e36b731c6aabf9440f3f8d8e7d28bd73895f23c75fd1d60071ce86e2cc718f9dde5f
- SSDEEP
  
  768:vjXxB/BUuYxob0LZ5/Dah1mTY2xb6f3gPseN9MCN69rGLPehUD/hyB06adURR5Pc:bxB/SDXDaUMeNqCcMLg65oNIF
Score

9^/10

defense_evasion discovery
- Contacts a large (55659) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy