mirai | 07ae7eb36dc1201da22a0ba23e5a4929e78ace0579c1381de021d7cf8c978952 | Triage

Sharing

General

Target

jew.arm6.elf
Size

74KB
Sample

241207-x7hz1svkhl
MD5

f0b77c155537d308033ad7b7294b92c9
SHA1

1b7c208de04ee6b2f62f7f58f4666bd8cecfbaa7
SHA256

07ae7eb36dc1201da22a0ba23e5a4929e78ace0579c1381de021d7cf8c978952
SHA512

d475a88b9c68aa75cbcb24cb29254b42638e0d712079a52c3e271a92df8494b1262eaa732d92ea5d0134f56cc1660289d6353d06e7d8a9af19c32b35d5c5ce24
SSDEEP

1536:jHnub6m+a+V1H8gioIFRuPzNI1IIUkIXhnGSHSqTQZD2E2p+YrEfqOQ9fdrqzd4r:pcgoIzN5FzMZDHnOoR

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.arm6.elf
- Size
  
  74KB
- MD5
  
  f0b77c155537d308033ad7b7294b92c9
- SHA1
  
  1b7c208de04ee6b2f62f7f58f4666bd8cecfbaa7
- SHA256
  
  07ae7eb36dc1201da22a0ba23e5a4929e78ace0579c1381de021d7cf8c978952
- SHA512
  
  d475a88b9c68aa75cbcb24cb29254b42638e0d712079a52c3e271a92df8494b1262eaa732d92ea5d0134f56cc1660289d6353d06e7d8a9af19c32b35d5c5ce24
- SSDEEP
  
  1536:jHnub6m+a+V1H8gioIFRuPzNI1IIUkIXhnGSHSqTQZD2E2p+YrEfqOQ9fdrqzd4r:pcgoIzN5FzMZDHnOoR
Score

9^/10

defense_evasion discovery
- Contacts a large (112645) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery