mirai | 44cc7a4e50c30c53b1152e042c5d8b1b28efedae967a4ac20ad308d71fb64b46 | Triage

Sharing

General

Target

44cc7a4e50c30c53b1152e042c5d8b1b28efedae967a4ac20ad308d71fb64b46.elf
Size

57KB
Sample

241216-cnajbazqbq
MD5

8ed00afeb5f2ec81352c151e916f1d85
SHA1

6f658faa7463463c2b58d658e4bcdb02f8a02441
SHA256

44cc7a4e50c30c53b1152e042c5d8b1b28efedae967a4ac20ad308d71fb64b46
SHA512

3d9bf05cc729832eeb130de795813d50b1e0df7dc228a51e9e1a81f43bb3cf5c2ab31a3d20bea7b145dac0ceaab6ecf4885245b9b50db283cf737f2d022ca441
SSDEEP

1536:0Znx4HVynObXFUOmVz1NzBQk8SRGJSlpa9p9l5vicj6v/pW:I4HV4mezbOknRGJSlpgBj6HpW

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  44cc7a4e50c30c53b1152e042c5d8b1b28efedae967a4ac20ad308d71fb64b46.elf
- Size
  
  57KB
- MD5
  
  8ed00afeb5f2ec81352c151e916f1d85
- SHA1
  
  6f658faa7463463c2b58d658e4bcdb02f8a02441
- SHA256
  
  44cc7a4e50c30c53b1152e042c5d8b1b28efedae967a4ac20ad308d71fb64b46
- SHA512
  
  3d9bf05cc729832eeb130de795813d50b1e0df7dc228a51e9e1a81f43bb3cf5c2ab31a3d20bea7b145dac0ceaab6ecf4885245b9b50db283cf737f2d022ca441
- SSDEEP
  
  1536:0Znx4HVynObXFUOmVz1NzBQk8SRGJSlpa9p9l5vicj6v/pW:I4HV4mezbOknRGJSlpgBj6HpW
Score

9^/10

defense_evasion discovery
- Contacts a large (681528) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery