General

  • Target

    Josho.arm.elf

  • Size

    55KB

  • Sample

    241210-w6lh3stjfv

  • MD5

    0497c42168d2c6f5499aa14c0640f17c

  • SHA1

    85567cb5c2143b975c0bfa0096cd4523038b8bbc

  • SHA256

    fca2f1359a75ca82549687dea0b8d20372291074d84e62f2caeccb43fe2ff6af

  • SHA512

    ac183652a61030d2c56028a802c908c26dc30b3fa62f0d9016775c588805c0694fd239e61a8ab748efc3940b3b98c827462314a286f23be61417edfe26a29e5a

  • SSDEEP

    768:N1c82KhvRRTdj7tsq5sebD07B8drbonjxDdSYGSq/EanRP89UapvTLwCVy/rCxH1:Nb24Th7ttujxynRP4U8ShW+15RL+Sr

Malware Config

Extracted

Family

mirai

Botnet

JOSHO

Targets

    • Target

      Josho.arm.elf

    • Contacts a large number (152098) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

MITRE ATT&CK Enterprise v15