General

  • Target

    jew.mpsl.elf

  • Size

    82KB

  • Sample

    241217-z1573sxrhx

  • MD5

    422caddd082c1c2f243751075bd65896

  • SHA1

    8901feeda2d216d38f970f68930f3b8d3ed08948

  • SHA256

    d6d16a1922d0ff1580579c7755f13dd9eaee315adfb76fc9577a6f17eabb4600

  • SHA512

    127927b42a4ab1e441bfaa03266da22bf5038064b3a7abc127e32943bed55fca51c4b7ba9c864f0142c682b5bb5b1eb3dccf8c1dfed792bef5e253b3910d1cbe

  • SSDEEP

    1536:bw4pjQLOQ2GTZHslkJGAopJpPok9Z5zty3d42+B:bw4pjWQAFslok9o

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

    • Contacts a large (115776) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder
