General

  • Target

    c5dad34705dc4d1776dd1361539222bf.bin

  • Size

    23KB

  • Sample

    241217-b6jz2axmhl

  • MD5

    8471dad8f2c8b4815fe15aa1f225a97f

  • SHA1

    42dad4e93766ca4c93e296288e8da8c2b8948c0c

  • SHA256

    7781a2fe4881df1117f3ec8de529af5ad6a375fff8916aee9e5f65dd0d5cbeb6

  • SHA512

    571740cca6edb0f39e83f9eac06f6f868b5316689806516dbf832ceaa3ee7cbd349321b58cc40f164b87ef3d018cabb851c8566f8956cfe498e6237f502db3f6

  • SSDEEP

    384:a9wk6Zx+1pv/UQ4FcOaw9gxixV+5xbiFOFxLX1FSVQH0lAqSG3zB+gesCUuZShu6:uwk6Zx+X/UQ4l9gUikOjWQ0KHGDRCZ/K

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      b7b4caac8d9975695170139441bec806cfbd3d20bb9fad56dc0afdf8cb00e5a1.elf

    • Size

      45KB

    • MD5

      c5dad34705dc4d1776dd1361539222bf

    • SHA1

      8e4205c745533214d8176e7a607eddbacb914100

    • SHA256

      b7b4caac8d9975695170139441bec806cfbd3d20bb9fad56dc0afdf8cb00e5a1

    • SHA512

      e5e31e5643ea5803b8b13fcfef78a9c47196910a8416e0d74eb0e85798f9e67ce91f1440447b02e1d2fb412e06c6a0dcd9877d6608374757c2d2ea3cb05a72b4

    • SSDEEP

      768:QZnNjwqwQm+Gnw/1Tzk96RFuEVP1OXoWQRs5DHzUIfumpDieIA+Si62yfot/Ox2/:QZn7wQmXnq1TIYFhVP1O4WQy5DHzJPHW

    • Contacts a large (528040) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
