General
-
Target
1a698a7548e186155ad9802aa85952527bb0a1ab772462ee5b031de63f2f8aad.elf
-
Size
94KB
-
Sample
241214-cq7ltssqht
-
MD5
04b0ce1124a63fd41bb394ba5d6e771a
-
SHA1
ff872de5221a319cecca7bff9e699a67f1af6f32
-
SHA256
1a698a7548e186155ad9802aa85952527bb0a1ab772462ee5b031de63f2f8aad
-
SHA512
41d2a5c6c2a8e8360ac19499154323e268f68fc1015a927fd38ff42f692696a3e347d705b4444287647826a572091dd16f944190e536bc38e3ea2c92e99b5915
-
SSDEEP
1536:tifuxWZfMCV8SerqEbYJJSw1J2V4J+aIZRIdD3Bf/wbZnsRp:t9xWaCNlr2VQ+HCx/wbZnsR
Behavioral task
behavioral1
Sample
1a698a7548e186155ad9802aa85952527bb0a1ab772462ee5b031de63f2f8aad.elf
Resource
debian12-mipsel-20240221-en
Malware Config
Extracted
mirai
MIRAI
asdfui.elite-api.su
Targets
-
-
Target
1a698a7548e186155ad9802aa85952527bb0a1ab772462ee5b031de63f2f8aad.elf
-
Score
9/10
-
Contacts a large (19689) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)