mirai | 598cf678d1a594529cc1568b82096bebcfa390889aecf634c9baa8f9055c9c53 | Triage

Sharing

General

Target

zmap.arm.elf
Size

74KB
Sample

241213-k971pstnbt
MD5

173d8fde74b8598b83bb68514fac4e63
SHA1

f6617abc60331750a8ab74f3094b113f1fc72469
SHA256

598cf678d1a594529cc1568b82096bebcfa390889aecf634c9baa8f9055c9c53
SHA512

4669f0a93d3230570bf12c918cab81863affabcd1719c4ac3700da2905ba4f636b312ed2c1394624e9c96e5ef3110db87dd3c9b0266ea9175896513d02eac7b4
SSDEEP

1536:ax0KyMsOfJ9CvsbOFSL2rBXWqFnvpWs9vvv:axRqFSL2FXW+Bfvv

Score

10^/10

mirai unstable defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

schools.meal-data.com

Targets

- Target
  
  zmap.arm.elf
- Size
  
  74KB
- MD5
  
  173d8fde74b8598b83bb68514fac4e63
- SHA1
  
  f6617abc60331750a8ab74f3094b113f1fc72469
- SHA256
  
  598cf678d1a594529cc1568b82096bebcfa390889aecf634c9baa8f9055c9c53
- SHA512
  
  4669f0a93d3230570bf12c918cab81863affabcd1719c4ac3700da2905ba4f636b312ed2c1394624e9c96e5ef3110db87dd3c9b0266ea9175896513d02eac7b4
- SSDEEP
  
  1536:ax0KyMsOfJ9CvsbOFSL2rBXWqFnvpWs9vvv:axRqFSL2FXW+Bfvv
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion