General
Target: elitebotnet.x86.elf
Size: 72KB
Sample: 241213-r21d8a1pbw
MD5: 5a7d6baa6e0ec7fe3e4b8d70f7c97598
SHA1: 5e320db909d429468d2ca012b7128a121272791b
SHA256: 4a4d2cb9f318d3b31c134d7ddff8b0d02b00b023a8079d064c177bb7e760f9b2
SHA512: b1527d6be58151dde7137d71dbd027827d466dc53089166fd5c13b93bf301aeaa86ea84a23b372b2e874d0e0c30459bffc9229dc83cda1f32c732032716f7666
SSDEEP: 1536:cGzNBMNqLIwpZnrjgOSu9RjO1xIS6VTMEEHa3B1b35AYwbZnp:xNegUAnjLRjOnIS6uEEeB1D5AYwbZnp
Behavioral task: behavioral1
Sample: elitebotnet.x86.elf
Resource: ubuntu2404-amd64-20240523-en
Malware Config
Extracted
mirai
MIRAI
asdfui.elite-api.su
Targets
Target: elitebotnet.x86.elf
Score: 9/10

Contacts a large (23831) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
  Boot or Logon Initialization Scripts: 1
  RC Scripts: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
  Boot or Logon Initialization Scripts: 1
  RC Scripts: 1