General
-
Target
rebirth.arm.elf
-
Size
78KB
-
Sample
241215-csghestjbj
-
MD5
e3655f9c884e54bbdf823f43bec626a5
-
SHA1
bc2a6f92892ae6542a268ceca05c7e0dcb921a70
-
SHA256
0c93f902775524393a124b59e3e36214dc8c74f8ffa1ec7cf4ae02a409fef5b2
-
SHA512
5f8f8c96991dcac108b190b5e7686734bc7efb7a58036705df7be926b00deeda9bf3fb1396e87afc44e0e33dfb5580a1988d6b24371da66f92da5682d3343a9a
-
SSDEEP
1536:mioFUNmm6aN6HN4hu72mo4Wh087aDOK80/ckTu/vwiwbZnN:mioFUVZhWo9hP7YPQwiwbZnN
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
rebirth.arm.elf
-
Size
78KB
-
MD5
e3655f9c884e54bbdf823f43bec626a5
-
SHA1
bc2a6f92892ae6542a268ceca05c7e0dcb921a70
-
SHA256
0c93f902775524393a124b59e3e36214dc8c74f8ffa1ec7cf4ae02a409fef5b2
-
SHA512
5f8f8c96991dcac108b190b5e7686734bc7efb7a58036705df7be926b00deeda9bf3fb1396e87afc44e0e33dfb5580a1988d6b24371da66f92da5682d3343a9a
-
SSDEEP
1536:mioFUNmm6aN6HN4hu72mo4Wh087aDOK80/ckTu/vwiwbZnN:mioFUVZhWo9hP7YPQwiwbZnN
Score9/10-
Contacts a large (23829) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1