mirai | 36b38a7e807e19d2616365df513078b18803d512a0fad95d570334b402e39421 | Triage

Sharing

General

Target

36b38a7e807e19d2616365df513078b18803d512a0fad95d570334b402e39421.elf
Size

74KB
Sample

241211-cwvjfs1pfy
MD5

3808873ddb09bbf9d0ad9364c0f52975
SHA1

c291f8efcc6c26f0f0d59dbd8c9b1875107b19f0
SHA256

36b38a7e807e19d2616365df513078b18803d512a0fad95d570334b402e39421
SHA512

73df03da83958b2d7c696b13b012d19cc76a5bd065b42df333763bcca7589194d473ce3e9a11dcf9b6caac8b604227e50abbcadf88abb75e22c6f6e7cacc4b44
SSDEEP

1536:LyW09jlkyqWku72m289p/jmxMY0/ckTM/vg/wbZnN:LyW09jbkW289tjmq6g/wbZnN

Score

10^/10

mirai mirai defense_evasion discovery persistence

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  36b38a7e807e19d2616365df513078b18803d512a0fad95d570334b402e39421.elf
- Size
  
  74KB
- MD5
  
  3808873ddb09bbf9d0ad9364c0f52975
- SHA1
  
  c291f8efcc6c26f0f0d59dbd8c9b1875107b19f0
- SHA256
  
  36b38a7e807e19d2616365df513078b18803d512a0fad95d570334b402e39421
- SHA512
  
  73df03da83958b2d7c696b13b012d19cc76a5bd065b42df333763bcca7589194d473ce3e9a11dcf9b6caac8b604227e50abbcadf88abb75e22c6f6e7cacc4b44
- SSDEEP
  
  1536:LyW09jlkyqWku72m289p/jmxMY0/ckTM/vg/wbZnN:LyW09jbkW289tjmq6g/wbZnN
Score

9^/10

defense_evasion discovery persistence
- Contacts a large (23189) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Privilege Escalation

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence