mirai | f6c4459e86916915efdbdfeeb794e98073ed34e05a07ed00e8bd1637a127adfa | Triage

Sharing

General

Target

jew.x86.elf
Size

60KB
Sample

241209-epmw5szjbt
MD5

f548654588ef9ebcc5fed9264e791fab
SHA1

c6df944390aef3538c92fccf9ec9dc4de99503ce
SHA256

f6c4459e86916915efdbdfeeb794e98073ed34e05a07ed00e8bd1637a127adfa
SHA512

e70e12fda5b0cf7718400540117aeb8a573c5c9c2ee18184e0f875e843e4a0bbcbae1e83839b58e509d27d79ebd1183fe79f91e69c49598f3f61c27200dda636
SSDEEP

768:JjiwQ4KFW+Ny+8GbGN1hLZzRMLxJtWOboPLZhgtp7Cya3slMqWvjW:Ey+NH8x7hVxObchgTNJWrW

Score

10^/10

mirai kurc discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.x86.elf
- Size
  
  60KB
- MD5
  
  f548654588ef9ebcc5fed9264e791fab
- SHA1
  
  c6df944390aef3538c92fccf9ec9dc4de99503ce
- SHA256
  
  f6c4459e86916915efdbdfeeb794e98073ed34e05a07ed00e8bd1637a127adfa
- SHA512
  
  e70e12fda5b0cf7718400540117aeb8a573c5c9c2ee18184e0f875e843e4a0bbcbae1e83839b58e509d27d79ebd1183fe79f91e69c49598f3f61c27200dda636
- SSDEEP
  
  768:JjiwQ4KFW+Ny+8GbGN1hLZzRMLxJtWOboPLZhgtp7Cya3slMqWvjW:Ey+NH8x7hVxObchgTNJWrW
Score

9^/10

discovery rootkit
- Contacts a large (115775) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit