mirai | aad3ddf980af129b6cbe440d3753236883b87a31dbac4af4214cf5c44018c832 | Triage

Sharing

General

Target

aad3ddf980af129b6cbe440d3753236883b87a31dbac4af4214cf5c44018c832.elf
Size

95KB
Sample

241221-dfenqs1kgy
MD5

d096df4058ec4f683be02ffe36855741
SHA1

c1aeed9472502b4a0b28895d5efbdb7437e1c778
SHA256

aad3ddf980af129b6cbe440d3753236883b87a31dbac4af4214cf5c44018c832
SHA512

6efbfeb3abfdf2fbacb4ddc3c6efa4238bb8fa5b9571b5c68ac79df3a6e6c5691050f287939798508c7f3cbccdf121c6d7b9aa1ae7454477e3a89b8f0aa6fab6
SSDEEP

1536:M+b+Jvas6fjM2bsLu9OW9OhfOCl/5Cg/0mFfhYTmI1/e2pH9V8z1NR:EJv9r2gLL10ahYTz19V8z1NR

Score

10^/10

mirai botnet discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  aad3ddf980af129b6cbe440d3753236883b87a31dbac4af4214cf5c44018c832.elf
- Size
  
  95KB
- MD5
  
  d096df4058ec4f683be02ffe36855741
- SHA1
  
  c1aeed9472502b4a0b28895d5efbdb7437e1c778
- SHA256
  
  aad3ddf980af129b6cbe440d3753236883b87a31dbac4af4214cf5c44018c832
- SHA512
  
  6efbfeb3abfdf2fbacb4ddc3c6efa4238bb8fa5b9571b5c68ac79df3a6e6c5691050f287939798508c7f3cbccdf121c6d7b9aa1ae7454477e3a89b8f0aa6fab6
- SSDEEP
  
  1536:M+b+Jvas6fjM2bsLu9OW9OhfOCl/5Cg/0mFfhYTmI1/e2pH9V8z1NR:EJv9r2gLL10ahYTz19V8z1NR
Score

9^/10

discovery
- Contacts a large (293606) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1