mirai | ad84c14b2c8d8ea704940449d8f94ba5592bd29a8cdb50e5d03e94f8873258b1 | Triage

Sharing

General

Target

jew.arm7.elf
Size

133KB
Sample

241207-x7qd4avlaj
MD5

68f801d4389ba75ea8b92076e839ca4d
SHA1

28cae6af4f3d274adee97a823eec34ca873d77d5
SHA256

ad84c14b2c8d8ea704940449d8f94ba5592bd29a8cdb50e5d03e94f8873258b1
SHA512

4e4b797d7c2c6e5db1422438fcf3991da94fe0a1d6a0f111186b005c0f9c96459018a1b854ac5c8962b1c6648c11a39c7295a5d9fab1798cc26846be30fbba49
SSDEEP

3072:5KacBqVuJVkW5IOPZoxNOqMP0wctzHnZPF+84/M/92L18Yj:kacBQuJVkW5IOaxNOqMPVoZF+8MM/9Zc

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.arm7.elf
- Size
  
  133KB
- MD5
  
  68f801d4389ba75ea8b92076e839ca4d
- SHA1
  
  28cae6af4f3d274adee97a823eec34ca873d77d5
- SHA256
  
  ad84c14b2c8d8ea704940449d8f94ba5592bd29a8cdb50e5d03e94f8873258b1
- SHA512
  
  4e4b797d7c2c6e5db1422438fcf3991da94fe0a1d6a0f111186b005c0f9c96459018a1b854ac5c8962b1c6648c11a39c7295a5d9fab1798cc26846be30fbba49
- SSDEEP
  
  3072:5KacBqVuJVkW5IOPZoxNOqMP0wctzHnZPF+84/M/92L18Yj:kacBQuJVkW5IOaxNOqMPVoZF+8MM/9Zc
Score

9^/10

defense_evasion discovery
- Contacts a large (115783) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery