mirai | e8ca93ec9f737481e131b64981ebf0212958dd1b43ef36a944869ae0f603e6f1 | Triage

Sharing

General

Target

jew.x86.elf
Size

60KB
Sample

241207-etsm7a1pek
MD5

c790dde9d4762b3e82c0d9e41df91fb9
SHA1

341070d0148f795a2b6dd1d988e497f4084bebe7
SHA256

e8ca93ec9f737481e131b64981ebf0212958dd1b43ef36a944869ae0f603e6f1
SHA512

ffa49eae4d60f3ff6f1b0fe053c5f8293e6eca3737d2805e464336376ca6f705da949936530c595bc33b4c49b7a80d8672f03414f027421394436b26c471697f
SSDEEP

768:JjiwQ4KFW+Ny+8GbGN1hLZzWMLxJtWOboPLZhgtp7Cya3slMqWvja:Ey+NH8x7hVEObchgTNJWra

Score

10^/10

mirai kurc discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.x86.elf
- Size
  
  60KB
- MD5
  
  c790dde9d4762b3e82c0d9e41df91fb9
- SHA1
  
  341070d0148f795a2b6dd1d988e497f4084bebe7
- SHA256
  
  e8ca93ec9f737481e131b64981ebf0212958dd1b43ef36a944869ae0f603e6f1
- SHA512
  
  ffa49eae4d60f3ff6f1b0fe053c5f8293e6eca3737d2805e464336376ca6f705da949936530c595bc33b4c49b7a80d8672f03414f027421394436b26c471697f
- SSDEEP
  
  768:JjiwQ4KFW+Ny+8GbGN1hLZzWMLxJtWOboPLZhgtp7Cya3slMqWvja:Ey+NH8x7hVEObchgTNJWra
Score

9^/10

discovery rootkit
- Contacts a large (115703) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit