mirai | 0591f666b878be00bc5690bf81db432374e37ebaf931a13699e0f0485d5b75ad | Triage

Sharing

General

Target

0591f666b878be00bc5690bf81db432374e37ebaf931a13699e0f0485d5b75ad.elf
Size

66KB
Sample

241216-cfspxszmcq
MD5

0a725ea365df367fd47614b56392f5bc
SHA1

11909c82c305ba1c686b4caa69724f443c933374
SHA256

0591f666b878be00bc5690bf81db432374e37ebaf931a13699e0f0485d5b75ad
SHA512

b533f738b27535a1a7f577952e46212b92d399b4669ee7145f791adfa9c0d8b3d92abb2101e28d70804b9cf93c77234da87477a78bd3776de7273dd803139c58
SSDEEP

1536:QLCPsY4qBhc+fJC8H1BBSpmUYIJgt/W1s6Wc:Q0svqBhdH12LJgtee6W

Score

10^/10

mirai defense_evasion discovery

Malware Config

Targets

- Target
  
  0591f666b878be00bc5690bf81db432374e37ebaf931a13699e0f0485d5b75ad.elf
- Size
  
  66KB
- MD5
  
  0a725ea365df367fd47614b56392f5bc
- SHA1
  
  11909c82c305ba1c686b4caa69724f443c933374
- SHA256
  
  0591f666b878be00bc5690bf81db432374e37ebaf931a13699e0f0485d5b75ad
- SHA512
  
  b533f738b27535a1a7f577952e46212b92d399b4669ee7145f791adfa9c0d8b3d92abb2101e28d70804b9cf93c77234da87477a78bd3776de7273dd803139c58
- SSDEEP
  
  1536:QLCPsY4qBhc+fJC8H1BBSpmUYIJgt/W1s6Wc:Q0svqBhdH12LJgtee6W
Score

9^/10

defense_evasion discovery
- Contacts a large (553586) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery