mirai | 79537190a86f8e237e164354172d4c2b73cba0d91a645d0b72cb7e3347e71dc9 | Triage

Sharing

General

Target

jew.arm6.elf
Size

74KB
Sample

241211-19myjavnbr
MD5

0144680469364464aee1462d725a4d48
SHA1

71e5a8810254d39869ea661193028f5605ae4687
SHA256

79537190a86f8e237e164354172d4c2b73cba0d91a645d0b72cb7e3347e71dc9
SHA512

f6248ef3726f0eb4b4c5415afc9a90b779a8c0e0d6486ace9e54904e10de8389419e8f3b888aea63634420b1e00c0a63c2422cf0f91793e0754d843cc9333b3c
SSDEEP

1536:jHnub6m+a+V1H8gioIFRuPzNI1IIUkIXhnGtHSqTQZD2E2p+YrEfqOQ9fdrqxd4r:pcgoIzN5WzMZDHnOor

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jew.arm6.elf
- Size
  
  74KB
- MD5
  
  0144680469364464aee1462d725a4d48
- SHA1
  
  71e5a8810254d39869ea661193028f5605ae4687
- SHA256
  
  79537190a86f8e237e164354172d4c2b73cba0d91a645d0b72cb7e3347e71dc9
- SHA512
  
  f6248ef3726f0eb4b4c5415afc9a90b779a8c0e0d6486ace9e54904e10de8389419e8f3b888aea63634420b1e00c0a63c2422cf0f91793e0754d843cc9333b3c
- SSDEEP
  
  1536:jHnub6m+a+V1H8gioIFRuPzNI1IIUkIXhnGtHSqTQZD2E2p+YrEfqOQ9fdrqxd4r:pcgoIzN5WzMZDHnOor
Score

9^/10

defense_evasion discovery
- Contacts a large (117360) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery