mirai | 0a7134ff9555d9373f44c49bdea7fcdcb83bff5e090cde58dac44f505d099e70 | Triage

Sharing

General

Target

0x86d.mpsl.elf
Size

94KB
Sample

241213-k97pyawjdn
MD5

70ce477bf31b038fbdf2572685b13c44
SHA1

e113064c6754344c764aca244157843d4ee048f3
SHA256

0a7134ff9555d9373f44c49bdea7fcdcb83bff5e090cde58dac44f505d099e70
SHA512

c6d7e6f59f89af0ec00e15392259fd10b9f74fa776e1ba9f95ab24d7070738c52231c97b9c7f2eb3b039b9320e418d9cb3e0bbfccc890c56857d2d66457634ae
SSDEEP

1536:IIdgIHlIodXYtiTeLM/eNLNnit7ZIzAFy4pZ1BV6h5xJfCW:IIdgIHlIoh+LNit7ZPFbpCVqW

Score

10^/10

mirai unstable defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

jinhj.stressamp.com

rgvsf.stressamp.com

Targets

- Target
  
  0x86d.mpsl.elf
- Size
  
  94KB
- MD5
  
  70ce477bf31b038fbdf2572685b13c44
- SHA1
  
  e113064c6754344c764aca244157843d4ee048f3
- SHA256
  
  0a7134ff9555d9373f44c49bdea7fcdcb83bff5e090cde58dac44f505d099e70
- SHA512
  
  c6d7e6f59f89af0ec00e15392259fd10b9f74fa776e1ba9f95ab24d7070738c52231c97b9c7f2eb3b039b9320e418d9cb3e0bbfccc890c56857d2d66457634ae
- SSDEEP
  
  1536:IIdgIHlIodXYtiTeLM/eNLNnit7ZIzAFy4pZ1BV6h5xJfCW:IIdgIHlIoh+LNit7ZPFbpCVqW
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion