mirai | 3231a0ef57c7107fefb310e12f4d2994fc9d0afd9c76148ce1cd409d5cb5dd7e | Triage

Sharing

General

Target

3231a0ef57c7107fefb310e12f4d2994fc9d0afd9c76148ce1cd409d5cb5dd7e.elf
Size

75KB
Sample

241216-clwzjazpdn
MD5

c70d6d70685235b94fed5ec73aed3b2c
SHA1

cc9ebae95a7c15a670388fc44e0fd41547c17e18
SHA256

3231a0ef57c7107fefb310e12f4d2994fc9d0afd9c76148ce1cd409d5cb5dd7e
SHA512

e3fb2b71ad3a106724355eeae05f20f483ebd5c78e36d93c2a2ad7137bb6fd95b3c79d916322a99b2819c07ee00bc132cf1bad1735edc3a02e4144dd5c408954
SSDEEP

1536:dvBGpSzKkubpUa2jecqCR/JYHqDIw+e6+MFOPRkTZRbXXTzpwbZnR+5:hcpHblUaBcPNeHqEw36FOPOZRTXTNwbf

Score

10^/10

mirai mirai defense_evasion discovery linux persistence

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  3231a0ef57c7107fefb310e12f4d2994fc9d0afd9c76148ce1cd409d5cb5dd7e.elf
- Size
  
  75KB
- MD5
  
  c70d6d70685235b94fed5ec73aed3b2c
- SHA1
  
  cc9ebae95a7c15a670388fc44e0fd41547c17e18
- SHA256
  
  3231a0ef57c7107fefb310e12f4d2994fc9d0afd9c76148ce1cd409d5cb5dd7e
- SHA512
  
  e3fb2b71ad3a106724355eeae05f20f483ebd5c78e36d93c2a2ad7137bb6fd95b3c79d916322a99b2819c07ee00bc132cf1bad1735edc3a02e4144dd5c408954
- SSDEEP
  
  1536:dvBGpSzKkubpUa2jecqCR/JYHqDIw+e6+MFOPRkTZRbXXTzpwbZnR+5:hcpHblUaBcPNeHqEw36FOPOZRTXTNwbf
Score

9^/10

defense_evasion discovery persistence
- Contacts a large (23999) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Privilege Escalation

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence