General
Target: elitebotnet.mips.elf
Size: 93KB
Sample: 241213-r5yd2atkhk
MD5: 5b71de88f7f0a50f560bd3ec61bfb43f
SHA1: f9011179a0e41216633283c86caad75895fcde9c
SHA256: c2495bf6bf55b3d2ad2a6a7db9c1256d003665048faca66893804232023c5870
SHA512: 189662e5105cac6dad926697c8a3b2ded96a0372b99ce12cc7d6d17c69ab746ef12fcf49fad609eaf11faa0590119eef67830aad128cfe56cde30c022ce6ef0d
SSDEEP: 1536:8mXEcKs+8Yg7+mO6TWnwqto0MiftA2AeTEB7wbZnmb/6:BXEcK58Yg7+mO68wqto0Mif62oB7wbZF
Behavioral task: behavioral1
Sample: elitebotnet.mips.elf
Resource: debian9-mipsbe-20240418-en
Malware Config
Extracted
mirai
MIRAI
asdfui.elite-api.su
Targets
Target
elitebotnet.mips.elf
Score: 9/10

Contacts a large (23829) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Boot or Logon Initialization Scripts (1)
      RC Scripts (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Boot or Logon Initialization Scripts (1)
      RC Scripts (1)