Overview

overview

10

Static

static

10

nsharm7.elf

debian-12-armhf

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nsharm7.elf

  • Size

    97KB

  • Sample

    241221-v9edhavkhy

  • MD5

    1a4375f6423f0c96f3d2377d1c157595

  • SHA1

    fec7b3bd66d1d4a88b7a22511962007f7b99e34b

  • SHA256

    4d315e63c562b354627d6b169e197d5cf108f318b446dac59c8edff283314e9d

  • SHA512

    fca72e6629a9e1440df86bb7c46592f6f0294aafdfd4839f461862dcbafcc3cc534d71061f3e43d870655fb56d5417258074e0994e568c7b044a41fb87ba8be2

  • SSDEEP

    3072:GKsAW3h8xjDI0taCqGwapyAuKltAJzL7azhHH:GKSRPsaCqGwapPu8AhLIHH

Score
10/10
miraibotnetdiscovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      nsharm7.elf

    • Size

      97KB

    • MD5

      1a4375f6423f0c96f3d2377d1c157595

    • SHA1

      fec7b3bd66d1d4a88b7a22511962007f7b99e34b

    • SHA256

      4d315e63c562b354627d6b169e197d5cf108f318b446dac59c8edff283314e9d

    • SHA512

      fca72e6629a9e1440df86bb7c46592f6f0294aafdfd4839f461862dcbafcc3cc534d71061f3e43d870655fb56d5417258074e0994e568c7b044a41fb87ba8be2

    • SSDEEP

      3072:GKsAW3h8xjDI0taCqGwapyAuKltAJzL7azhHH:GKSRPsaCqGwapPu8AhLIHH

    Score
    9/10
    discovery

    • Contacts a large (287460) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks