General
Target: bbb53c572a1a01eb7c910d59e362fa68d2b0a6e005065453b044bc22f80c6107.elf
Size: 157KB
Sample: 241214-pqra3asjes
MD5: 039cc3f6c287db74271633fceb099529
SHA1: eff890d71b3b2b0a63cda8150aa44f7523a680c2
SHA256: bbb53c572a1a01eb7c910d59e362fa68d2b0a6e005065453b044bc22f80c6107
SHA512: aec5d87f1ac8bcc098f4bf20781b3dcab6939ff04bff37762f088fee1fd35a1ed9fa6f665534d5795c75669838ad01211fc26e3e23b9a2137e5cefd746c172bf
SSDEEP: 3072:GkFWblVIqaNZNPCBATmI9ZeSxiwZdwbZn5uOMpfM/93Lke:G6gOqaNZNPCBk9ZIawR5uOMZM/93Lke
Behavioral task: behavioral1
Sample: bbb53c572a1a01eb7c910d59e362fa68d2b0a6e005065453b044bc22f80c6107.elf
Resource: debian12-armhf-20240221-en
Malware Config
Extracted
mirai
MIRAI
asdfui.elite-api.su
Targets
Target: bbb53c572a1a01eb7c910d59e362fa68d2b0a6e005065453b044bc22f80c6107.elf
Score: 9/10

Contacts a large (23537) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)