mirai | 0c354ebbe4584e62c4bae62dcbca7e100993a1741aab7f2220d360b1a4139c2b | Triage

Sharing

General

Target

0c354ebbe4584e62c4bae62dcbca7e100993a1741aab7f2220d360b1a4139c2b.elf
Size

66KB
Sample

241216-cgejpayjbt
MD5

bb446b6ba8a21b846dbb42661d3adedc
SHA1

afb017f2ae2d4e0eab102d82b4ef4f0961cd0493
SHA256

0c354ebbe4584e62c4bae62dcbca7e100993a1741aab7f2220d360b1a4139c2b
SHA512

cb0633d7f7ad42b5595ade06938533467029c21a6ffd899c20b54bf044e7613dbc610a6a98f37169f66e7684a5cfcbb1cdc26dc4f06970041f16dd25e75c51c4
SSDEEP

768:ZaR/gw064+ZSYd4hcfZ2uAHvkTby8YD5PYt0vt/3wyENuwn9nDZnananBKj0KzcV:tYkE0uA4byxYW9cCQKDLt9aFQXVdmWk

Score

10^/10

mirai defense_evasion discovery

Malware Config

Targets

- Target
  
  0c354ebbe4584e62c4bae62dcbca7e100993a1741aab7f2220d360b1a4139c2b.elf
- Size
  
  66KB
- MD5
  
  bb446b6ba8a21b846dbb42661d3adedc
- SHA1
  
  afb017f2ae2d4e0eab102d82b4ef4f0961cd0493
- SHA256
  
  0c354ebbe4584e62c4bae62dcbca7e100993a1741aab7f2220d360b1a4139c2b
- SHA512
  
  cb0633d7f7ad42b5595ade06938533467029c21a6ffd899c20b54bf044e7613dbc610a6a98f37169f66e7684a5cfcbb1cdc26dc4f06970041f16dd25e75c51c4
- SSDEEP
  
  768:ZaR/gw064+ZSYd4hcfZ2uAHvkTby8YD5PYt0vt/3wyENuwn9nDZnananBKj0KzcV:tYkE0uA4byxYW9cCQKDLt9aFQXVdmWk
Score

9^/10

defense_evasion discovery
- Contacts a large (392106) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery