mirai | c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2 | Triage

Sharing

General

Target

c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2.elf
Size

102KB
Sample

241215-ekfl9stkev
MD5

f9976ecda287c44f5fc9637a81998d0c
SHA1

919f0a2feb00246105fdfa38b8d19bea1ad5cbc8
SHA256

c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2
SHA512

9ddbc254a54ee4704a4a1cf29e2ceb58584b5c59c235e92e2a8657160a1d8263404aaf477a88137185416278de9cfaa4ecb0e42a364b4210a6e90c5469f646d8
SSDEEP

1536:9zropVtwBSkGlW42fwB/XBzPAL7P0v5XaSgHazGI9xGeDmSf9RBEi/SBY:ZoeIVlW461n0xKSnGI9x/mSf9RBEyGY

Score

10^/10

mirai mirai defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2.elf
- Size
  
  102KB
- MD5
  
  f9976ecda287c44f5fc9637a81998d0c
- SHA1
  
  919f0a2feb00246105fdfa38b8d19bea1ad5cbc8
- SHA256
  
  c2b9b2283a0c7b5e0f8acd8b105337745e79e53c1fdf751209a0c0680376dfe2
- SHA512
  
  9ddbc254a54ee4704a4a1cf29e2ceb58584b5c59c235e92e2a8657160a1d8263404aaf477a88137185416278de9cfaa4ecb0e42a364b4210a6e90c5469f646d8
- SSDEEP
  
  1536:9zropVtwBSkGlW42fwB/XBzPAL7P0v5XaSgHazGI9xGeDmSf9RBEi/SBY:ZoeIVlW461n0xKSnGI9x/mSf9RBEyGY
Score

9^/10

defense_evasion discovery
- Contacts a large (16218) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery