General

  • Target

    arm7.elf

  • Size

    161KB

  • Sample

    241219-tagh5svpfm

  • MD5

    9d77a063fd8d96acdde0a77ab20e54ca

  • SHA1

    5f8f753b69caed69505249eadaf5696d0d13791c

  • SHA256

    217f6bf3334bc8e6e5b3ecd877a32e1502b7fb1a38ce9508ab3406eba3d41fa8

  • SHA512

    b0d036b651173beac59cb41e8cd2f3ab89c33be4c8cbc26e8964d93525c838ba9bcecfec4c94a9e5e7f6bc8e15dafb0803681bec227fe66a0df9a89864dcbcb9

  • SSDEEP

    3072:TO70zMrZqihLA2IlfdagQJKB/48crKovKF8AHtvtM/9VFVpuA:TO70ArZzAvdagQJKBg80C2AHt1M/9lpV

Malware Config

Extracted

Family

mirai

Botnet

OWARI

Targets

    • Target

      arm7.elf

    • Size

      161KB

    • MD5

      9d77a063fd8d96acdde0a77ab20e54ca

    • SHA1

      5f8f753b69caed69505249eadaf5696d0d13791c

    • SHA256

      217f6bf3334bc8e6e5b3ecd877a32e1502b7fb1a38ce9508ab3406eba3d41fa8

    • SHA512

      b0d036b651173beac59cb41e8cd2f3ab89c33be4c8cbc26e8964d93525c838ba9bcecfec4c94a9e5e7f6bc8e15dafb0803681bec227fe66a0df9a89864dcbcb9

    • SSDEEP

      3072:TO70zMrZqihLA2IlfdagQJKB/48crKovKF8AHtvtM/9VFVpuA:TO70ArZzAvdagQJKBg80C2AHt1M/9lpV

    • Contacts a large (49071) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

MITRE ATT&CK Enterprise v15

Tasks