mirai | bcc6a225fdd609e4f1a80777042c6630bbb8138915e0c19dace0aad27e79a242 | Triage

Submit
Reports

Overview

overview

Static

static

5

bcc6a225fd...42.elf

debian-12-armhf

Sharing

General

Target

bcc6a225fdd609e4f1a80777042c6630bbb8138915e0c19dace0aad27e79a242.elf
Size

64KB
Sample

241209-lq3sbaylcm
MD5

a9ef29b96b041af9184f221b6ee248de
SHA1

8cb3dbcc3aae24803b2cd5880e74928ec3f3d2c3
SHA256

bcc6a225fdd609e4f1a80777042c6630bbb8138915e0c19dace0aad27e79a242
SHA512

8deb0765a2a951af24119351596f993511306ee9797bc844d89eb9ba9dae9f78facf9b2e08e8b7491bf4c7111cbc16ad0de49cd273ab4c99daed3ec4fe17cc43
SSDEEP

1536:VG14Lv3X2aju8uJnaMo6O4HZUO8EkwCOtWSlnR1LL8VG3c+bNF:7L3mK7Aa36O4qqCOtWSlR1LL8ENF

Score

10^/10

mirai botnet defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bcc6a225fdd609e4f1a80777042c6630bbb8138915e0c19dace0aad27e79a242.elf

Resource

debian12-armhf-20240221-en

mirai botnet defense_evasion discovery

debian-12-armhf

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  bcc6a225fdd609e4f1a80777042c6630bbb8138915e0c19dace0aad27e79a242.elf
- Size
  
  64KB
- MD5
  
  a9ef29b96b041af9184f221b6ee248de
- SHA1
  
  8cb3dbcc3aae24803b2cd5880e74928ec3f3d2c3
- SHA256
  
  bcc6a225fdd609e4f1a80777042c6630bbb8138915e0c19dace0aad27e79a242
- SHA512
  
  8deb0765a2a951af24119351596f993511306ee9797bc844d89eb9ba9dae9f78facf9b2e08e8b7491bf4c7111cbc16ad0de49cd273ab4c99daed3ec4fe17cc43
- SSDEEP
  
  1536:VG14Lv3X2aju8uJnaMo6O4HZUO8EkwCOtWSlnR1LL8VG3c+bNF:7L3mK7Aa36O4qqCOtWSlR1LL8ENF
Score

10^/10

mirai botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (41613) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Adversary-in-the-Middle

Discovery

Network Service Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdefense_evasiondiscovery

© 2018-2025

Terms | Privacy