General

  • Target

    elitebotnet.arm7.elf

  • Size

    157KB

  • Sample

    241213-r7jzes1qez

  • MD5

    039cc3f6c287db74271633fceb099529

  • SHA1

    eff890d71b3b2b0a63cda8150aa44f7523a680c2

  • SHA256

    bbb53c572a1a01eb7c910d59e362fa68d2b0a6e005065453b044bc22f80c6107

  • SHA512

    aec5d87f1ac8bcc098f4bf20781b3dcab6939ff04bff37762f088fee1fd35a1ed9fa6f665534d5795c75669838ad01211fc26e3e23b9a2137e5cefd746c172bf

  • SSDEEP

    3072:GkFWblVIqaNZNPCBATmI9ZeSxiwZdwbZn5uOMpfM/93Lke:G6gOqaNZNPCBk9ZIawR5uOMZM/93Lke

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    MIRAI

  • C2

    asdfui.elite-api.su
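The report states that the configuration was extracted but not how. The following is an added example, not the sandbox's own extractor and not code from the sample: it recovers table strings the way the leaked Mirai source stores them (every byte XORed with the four bytes of a 32-bit table key, which collapses to a single-byte XOR; 0xDEADBEEF in the original source, changed by many forks), brute-forces the effective key with a known-plaintext search, and then picks hostname-shaped entries as C2 candidates. The byte blob it runs on is constructed here to mirror that layout; only the C2 hostname is taken from the report. The marker strings used for the key search are assumed to be present in the target binary, which is true for stock Mirai but must be checked per fork.

```python
import re
import sys

# Key used by table_init() in the leaked Mirai source; forks routinely change
# it, which is why find_key() below recovers it instead of trusting this.
MIRAI_TABLE_KEY = 0xDEADBEEF


def effective_key(table_key: int) -> int:
    """Mirai's toggle_obf() XORs every byte with each of the four key bytes
    in turn, so the whole scheme collapses to one single-byte XOR."""
    key = 0
    for shift in (0, 8, 16, 24):
        key ^= (table_key >> shift) & 0xFF
    return key


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_key(blob: bytes, markers=(b"/proc/", b"busybox", b"/dev/watchdog")) -> int:
    """Known-plaintext search: the table carries a few fixed strings in every
    stock build, so the single-byte key that makes the most of them appear
    wins. The markers are an assumption about the fork being analysed."""
    best_key, best_hits = 0, -1
    for key in range(256):
        hits = sum(xor_bytes(blob, key).count(m) for m in markers)
        if hits > best_hits:
            best_key, best_hits = key, hits
    return best_key


def recover_strings(blob: bytes, key: int, min_len: int = 6) -> list[str]:
    """Decode the table area and pull out printable runs. Raw 0x00 bytes are
    the compiler's separators between literals and were never obfuscated, so
    the blob is split on them first; each entry's own terminator was stored
    obfuscated (0x00 ^ key) and decodes back to NUL, which ends the run."""
    found = []
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    for chunk in blob.split(b"\x00"):
        decoded = xor_bytes(chunk, key)
        found.extend(run.decode("ascii") for run in re.findall(pattern, decoded))
    return found


HOSTNAME = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def c2_candidates(strings: list[str]) -> list[str]:
    """Hostname-shaped entries; the C2 and report servers are stored this way."""
    return [s for s in strings if HOSTNAME.fullmatch(s)]


def obfuscate_entry(s: bytes, key: int) -> bytes:
    """Lay an entry out as it sits in .rodata: obfuscated bytes, obfuscated
    NUL terminator, then the compiler's own NUL. Used only to build test data."""
    return xor_bytes(s + b"\x00", key) + b"\x00"


# Constructed stand-in for a slice of the sample's .rodata (not bytes from the
# real file); the C2 hostname is the one the report extracted.
_K = effective_key(MIRAI_TABLE_KEY)
SAMPLE_BLOB = (
    obfuscate_entry(b"asdfui.elite-api.su", _K)
    + obfuscate_entry(b"/proc/", _K)
    + b"\xff\xfe\xfd"  # unrelated bytes between entries
    + obfuscate_entry(b"/bin/busybox", _K)
    + obfuscate_entry(b"/dev/watchdog", _K)
)


def extract_config(blob: bytes) -> dict:
    key = find_key(blob)
    strings = recover_strings(blob, key)
    return {"key": key, "strings": strings, "c2": c2_candidates(strings)}


if __name__ == "__main__":
    # Pass a file path to run it over a real binary; defaults to the sample blob.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    cfg = extract_config(data)
    print(f"effective XOR key: 0x{cfg['key']:02x}")
    for s in cfg["strings"]:
        print("  ", s)
    print("C2 candidates:", cfg["c2"])
```

On a whole ELF the decoded output will include noise from code and data that happens to decode printable; filter on the sections the table lives in, or raise min_len, before trusting the hostname list. A fork that switched to a different cipher, or that resolves its C2 from a DNS TXT record rather than a table entry, will yield no hostname here, which is itself a useful signal.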

Targets

    • Target

      elitebotnet.arm7.elf

    • Contacts a large number (23830) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.
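The two signature groups above (mass outbound contact to distinct hosts, and rc-script persistence) translate directly into host and network detections. The following is an added example, not part of the sandbox report: it runs a distinct-destination count over a constructed Zeek-style conn.log excerpt and flags sources above a threshold, reporting what share of their flows hit the telnet ports stock Mirai scans (23 and 2323; forks add others), and it checks an rc.local-style file for launches or permission changes of binaries in world-writable scratch directories. The log lines, the rc.local text, the IP addresses and the threshold are all constructed for the example; the 23830-host figure from the report is far above the threshold used here.

```python
import re
from collections import defaultdict


def build_sample_conn_log() -> list[str]:
    """Constructed Zeek-style conn.log excerpt (ts, src, dst, dport, proto),
    not data from the sandbox run: 10.0.0.5 sweeps 120 distinct hosts on the
    Mirai telnet ports, 10.0.0.9 behaves like an ordinary workstation."""
    lines = []
    ts = 1734000000.0
    for i in range(120):
        port = 23 if i % 2 == 0 else 2323
        lines.append(f"{ts + i * 0.01:.3f}\t10.0.0.5\t198.51.100.{i + 1}\t{port}\ttcp")
    normal = [("10.0.0.53", 53), ("10.0.0.53", 53), ("93.184.216.34", 443),
              ("10.0.0.20", 445), ("93.184.216.34", 443)]
    for i, (dst, port) in enumerate(normal):
        lines.append(f"{ts + i:.3f}\t10.0.0.9\t{dst}\t{port}\ttcp")
    return lines


def parse_conn(line: str):
    ts, src, dst, dport, proto = line.rstrip("\n").split("\t")
    return float(ts), src, dst, int(dport), proto


def scan_alerts(lines, threshold: int = 100, scan_ports=frozenset({23, 2323})) -> dict:
    """Flag sources that reach at least `threshold` distinct destinations,
    the behaviour behind the 'contacts a large number of remote hosts'
    signature, and report the share of their flows on Mirai's scan ports."""
    dsts = defaultdict(set)
    flows = defaultdict(int)
    port_hits = defaultdict(int)
    for line in lines:
        _, src, dst, dport, _ = parse_conn(line)
        dsts[src].add(dst)
        flows[src] += 1
        if dport in scan_ports:
            port_hits[src] += 1
    return {
        src: {
            "distinct_hosts": len(d),
            "flows": flows[src],
            "scan_port_share": port_hits[src] / flows[src],
        }
        for src, d in dsts.items()
        if len(d) >= threshold
    }


# Persistence check for the 'Modifies rc script' signature: a start-up script
# that launches, or chmods, something living in a world-writable scratch dir.
SCRATCH_DIRS = r"(?:/tmp|/var/tmp|/dev/shm)/"
RC_SUSPICIOUS = re.compile(rf"(?:^|\s){SCRATCH_DIRS}\S+")


def suspicious_rc_lines(rc_text: str) -> list[str]:
    return [
        line for line in rc_text.splitlines()
        if RC_SUSPICIOUS.search(line) and not line.lstrip().startswith("#")
    ]


# Constructed rc.local, not the file the sandbox observed; the binary name
# is the report's target name, the path is invented.
SAMPLE_RC_LOCAL = """#!/bin/sh -e
/usr/sbin/ntpd -p pool.ntp.org
chmod 777 /tmp/.x/elitebotnet.arm7.elf
/tmp/.x/elitebotnet.arm7.elf &
exit 0
"""


if __name__ == "__main__":
    for src, info in scan_alerts(build_sample_conn_log()).items():
        print(f"{src}: {info['distinct_hosts']} hosts, "
              f"{info['scan_port_share']:.0%} of flows on telnet ports")
    for line in suspicious_rc_lines(SAMPLE_RC_LOCAL):
        print("rc.local:", line)
```

In production the distinct-host count should be computed per time window rather than over the whole file, and the scan_ports set extended with whatever exploit ports the fork in question targets; the rc check should be paired with file-integrity monitoring of /etc/rc.local, /etc/init.d and /etc/rc*.d so that the modification itself, not only its content, raises an event.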

MITRE ATT&CK Enterprise v15