mirai | e690a79a215ba4e23fd294dd13ae1065adfbdee259b9b8657e6851fdd912e7e8 | Triage

Sharing

General

Target

telnet.x86.elf
Size

71KB
Sample

241225-cxejmavmem
MD5

9ced588aec0ba67ad8f01ce3ea50cbfa
SHA1

d5ac11a2ae0c717a79279db0046dd6b34c706895
SHA256

e690a79a215ba4e23fd294dd13ae1065adfbdee259b9b8657e6851fdd912e7e8
SHA512

849f0762220471058e3775e748a510b2f17bec7ecb76bdece52e29b5eb7060aa4596978fcc93602ea19b96cd4f305d7c71823c5a886878deb0096b96d0a26312
SSDEEP

1536:yLN5+dkvE699QsVuKFzzPl6IpEwT9Sh8BoS0+:y6dkvE699QsIKc0Noh8Br

Score

10^/10

mirai defense_evasion discovery linux

Malware Config

Targets

- Target
  
  telnet.x86.elf
- Size
  
  71KB
- MD5
  
  9ced588aec0ba67ad8f01ce3ea50cbfa
- SHA1
  
  d5ac11a2ae0c717a79279db0046dd6b34c706895
- SHA256
  
  e690a79a215ba4e23fd294dd13ae1065adfbdee259b9b8657e6851fdd912e7e8
- SHA512
  
  849f0762220471058e3775e748a510b2f17bec7ecb76bdece52e29b5eb7060aa4596978fcc93602ea19b96cd4f305d7c71823c5a886878deb0096b96d0a26312
- SSDEEP
  
  1536:yLN5+dkvE699QsVuKFzzPl6IpEwT9Sh8BoS0+:y6dkvE699QsIKc0Noh8Br
Score

9^/10

defense_evasion discovery
- Contacts a large (118139) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery