mirai | 672bb3b2ece2e6406e7cc74e03242946d5fb728852a7063fd56858c0c646dd6c | Triage

Sharing

General

Target

jew.arm7.elf
Size

133KB
Sample

241209-epm7xazjbw
MD5

7cb9ff4f5e6d17064d56589713b95b08
SHA1

78be0c2c7839165a18c8c5aa15f81c902d17b855
SHA256

672bb3b2ece2e6406e7cc74e03242946d5fb728852a7063fd56858c0c646dd6c
SHA512

952fc55bf67b80b36dd9b66733dd2162b00b667fe9b518ab935161e816fae050ac10a0fc17d5444f0769815a43fa4547d10c2061136afe17e915c115207e6bb7
SSDEEP

3072:5KacBqVuJVkW5IOPZoxNOqMP0wctzHnDPF+84/M/92L18Yj:kacBQuJVkW5IOaxNOqMPVovF+8MM/9Zc

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.arm7.elf
- Size
  
  133KB
- MD5
  
  7cb9ff4f5e6d17064d56589713b95b08
- SHA1
  
  78be0c2c7839165a18c8c5aa15f81c902d17b855
- SHA256
  
  672bb3b2ece2e6406e7cc74e03242946d5fb728852a7063fd56858c0c646dd6c
- SHA512
  
  952fc55bf67b80b36dd9b66733dd2162b00b667fe9b518ab935161e816fae050ac10a0fc17d5444f0769815a43fa4547d10c2061136afe17e915c115207e6bb7
- SSDEEP
  
  3072:5KacBqVuJVkW5IOPZoxNOqMP0wctzHnDPF+84/M/92L18Yj:kacBQuJVkW5IOaxNOqMPVovF+8MM/9Zc
Score

9^/10

defense_evasion discovery
- Contacts a large (115776) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery