mirai | ace9da274f8a12fc890bef69b11dcfb73aa8fb9569dd7c3dfddf488b12b52d52 | Triage

Sharing

General

Target

9d484f6ed2b8778d980d70671472bcff.bin
Size

29KB
Sample

241217-byhr1awmdt
MD5

12b58a78d4a59bcb6f9ba15f215e9500
SHA1

35b37cadea7d18809d9d1b43046ad3c0b394c75b
SHA256

ace9da274f8a12fc890bef69b11dcfb73aa8fb9569dd7c3dfddf488b12b52d52
SHA512

da0bbb27e2612104d6ea9236810255788682296633ad6ec64f0b5e18a7327c747aeb42a87da50280d3ebcffa42264e8b77ad535939f5c04f0debd2ab5bec1ebe
SSDEEP

768:mq3FfIHdT+8mm4h8cWXZ7uWN7Kdx7SZABNt/F1lXiVJ6Jv:jFO+tm4h8cWp5N77at/FSVJ6N

Score

10^/10

mirai defense_evasion discovery

Malware Config

Targets

- Target
  
  3a1855bb750d12e731792daf173b5af76f525347fd52f250f59df920843f40a8.elf
- Size
  
  57KB
- MD5
  
  9d484f6ed2b8778d980d70671472bcff
- SHA1
  
  10fc2d052d72c3e5208f71e900f9c4cd9df42921
- SHA256
  
  3a1855bb750d12e731792daf173b5af76f525347fd52f250f59df920843f40a8
- SHA512
  
  3968d7773da142ad9f4f37ddf917969e2803311093709181e73189d4f90c312331aabb73f6ee9e9179a75354e0be5a048b0f2911c1cd2cfd39680f19558167f5
- SSDEEP
  
  1536:iZnp7aQDL3k7KlSVbn1UyRQ1VRBoYpFn9s9lvZiCa3fJUwIW:e7aQvUMqTK/HRBoYpFYNmfJNIW
Score

9^/10

defense_evasion discovery
- Contacts a large (45000) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery