General

  • Target

    jew.x86.elf

  • Size

    53KB

  • Sample

    241217-197ypszphw

  • MD5

    1c175e1463d52e354f3d7fb3156195e9

  • SHA1

    db1773b660a018eb117a3dc74013176a556bb728

  • SHA256

    518804d20cc93ad62a563d439839c91989c5166e8cdfe2f3b643fa6abf570bed

  • SHA512

    82bee9d931bacd78bbb8115b97177c0fe37ba701ff7a184683c0b29818f77ebc9a8660947f319409b9062f044d27495d8bbbfbd9cb9a111689660d2592e540d6

  • SSDEEP

    1536:O13kynNjv6czSEZeLmI37KNCgoTcpoQzWxS2RAfah5HQ:AUyntv6cuEZ437KAgowpoeiSi1D

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

    • Target

      jew.x86.elf

    • Size

      53KB

    • MD5

      1c175e1463d52e354f3d7fb3156195e9

    • SHA1

      db1773b660a018eb117a3dc74013176a556bb728

    • SHA256

      518804d20cc93ad62a563d439839c91989c5166e8cdfe2f3b643fa6abf570bed

    • SHA512

      82bee9d931bacd78bbb8115b97177c0fe37ba701ff7a184683c0b29818f77ebc9a8660947f319409b9062f044d27495d8bbbfbd9cb9a111689660d2592e540d6

    • SSDEEP

      1536:O13kynNjv6czSEZeLmI37KNCgoTcpoQzWxS2RAfah5HQ:AUyntv6cuEZ437KAgowpoeiSi1D

    • Contacts a large (117355) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks