mirai | 5626358bd6841887472fe761a0ced78ff7ff8cc8536d5efe501c74b89d95b8b8 | Triage

Sharing

General

Target

jew.arm.elf
Size

73KB
Sample

241209-r5vm5s1lg1
MD5

f9c324081f4315728de25d5a4406c8d5
SHA1

bd18ffb8474ce42a49d53d149226493b6c46af63
SHA256

5626358bd6841887472fe761a0ced78ff7ff8cc8536d5efe501c74b89d95b8b8
SHA512

6aa31fb4e5173ceca2e4733dfacc445625876614264db0955a6e8c4771f137fba3ca06dfe6ee3d2987aa5ef4c99939ca691abb80a81871a41f1c0639d5d3cd29
SSDEEP

1536:Wt0+Dr9FUHQx5QsvDjNl2InZtarEpSH2bxhUuZ00YFI2rxgld42+:o0+Awx+svPF6rkS6SwrYFI2rxG

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.arm.elf
- Size
  
  73KB
- MD5
  
  f9c324081f4315728de25d5a4406c8d5
- SHA1
  
  bd18ffb8474ce42a49d53d149226493b6c46af63
- SHA256
  
  5626358bd6841887472fe761a0ced78ff7ff8cc8536d5efe501c74b89d95b8b8
- SHA512
  
  6aa31fb4e5173ceca2e4733dfacc445625876614264db0955a6e8c4771f137fba3ca06dfe6ee3d2987aa5ef4c99939ca691abb80a81871a41f1c0639d5d3cd29
- SSDEEP
  
  1536:Wt0+Dr9FUHQx5QsvDjNl2InZtarEpSH2bxhUuZ00YFI2rxgld42+:o0+Awx+svPF6rkS6SwrYFI2rxG
Score

9^/10

defense_evasion discovery
- Contacts a large (116562) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery