mirai | ae7fcb33cac6ecf39c2ba9f47c7f6e1e024c1391e99bfb32c5e3b9128a7cb197 | Triage

Sharing

General

Target

a4b11a22fa434bce0d2e95f30b2b263e.bin
Size

21KB
Sample

241217-b2rjbaxlfm
MD5

fcbf92f2f985932dde0d2ce9d6bed891
SHA1

ac1633943d1c7c05f9cb7b3b07bbfb5929d59799
SHA256

ae7fcb33cac6ecf39c2ba9f47c7f6e1e024c1391e99bfb32c5e3b9128a7cb197
SHA512

1a4ab88508e226a91f73b076b53bae3a2e4bad5dd40b8e594c7ad8413d933f70e9d5d78de9348bcb0dc618392f2f1713234028bad7a983bda10f2c69b9b1d245
SSDEEP

384:pnYbJO0IFYYA5egzwwwZG34WX4rZdbJE0H4Mj/vSGVCc13Jz:pAJfyYVeIwq3Z4rZb8MHCcfz

Score

10^/10

mirai botnet discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  7958027a7838046cd8156febeb0ef9cd9bac840a4f1e07d51f9182890ef3c6b6.elf
- Size
  
  42KB
- MD5
  
  a4b11a22fa434bce0d2e95f30b2b263e
- SHA1
  
  6d142c5c0a1abc9f0531ef1572d2bc5f3d228afe
- SHA256
  
  7958027a7838046cd8156febeb0ef9cd9bac840a4f1e07d51f9182890ef3c6b6
- SHA512
  
  664211c3399f5a312846003461c6750f8502042a54e884b668023af03b20964dc25b9a8c5d2bac41c45f16c41ba9462b96b847430b02fec2a8ab0f4261d2907b
- SSDEEP
  
  768:LLJQIFlE0oYlMhkczSDizYJxOF5ofBrGMBZkgNJrXzyn0OHTw2BQ:hjWhDSmzYJgFKBrXBZkgNJr6XbB
Score

9^/10

discovery rootkit
- Contacts a large (708451) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit