General

  • Target

    jew.mpsl.elf

  • Size

    118KB

  • Sample

    241212-q8n44ayjdj

  • MD5

    e9315eed08df8e616e90b23489b11425

  • SHA1

    840242925b001dcdba7548e920b18ab74d5b25a1

  • SHA256

    c4f1c962ab04c95bc82fbf2b3c7d3b78a902f42fb8e3c23a88559d1522cb35f6

  • SHA512

    f33fdb2f8db606d50deb2b7ce64f75f6e80b29579078d7cd54db62b277a5abb06f193a8eda98e1d8ed570871be8d55279087ec3571a5ce7e14b93f4efe0dda85

  • SSDEEP

    1536:3bKhLmtwdR2B3aUerZxUKvuNxmVHg1X187ji0z4LoomBeRzsmgexbDrIA/8ElJdw:qZxUcuNxmVHyFkjbz4gWBZ

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    KURC

Targets

    • Target

      jew.mpsl.elf

    • Contacts a large (96625) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder
