General

  • Target

    0a2bb8f1e08010f0775a98dc698728a5dbb306038549eba91a3ca46c3b0771f1.elf

  • Size

    54KB

  • Sample

    241217-cjcg4sxrck

  • MD5

    448299ea09222114fcbbc43a647604e1

  • SHA1

    ab09cdb797afb64d7a49806d09ebea50f7acea6a

  • SHA256

    0a2bb8f1e08010f0775a98dc698728a5dbb306038549eba91a3ca46c3b0771f1

  • SHA512

    b9389aafc318d05b4df8fe1d730b75588d0fbfc0d6a8ef00bf1d880ab908a834ec12883bb999b92862d6c6e922ea69d8f1843c35e0f7bcde76dd57a0e81443ce

  • SSDEEP

    1536:JeESt/basV2rcZhG6ySN7nauRe9xzWOIaEjrqMY:JeESt/basVTgS7nauw9BtXEST

Malware Config

Extracted

Family

mirai

C2

230.btc-f2pool.top

Targets

    • Contacts a large number (37874) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks