mirai | 66724c958e27e1eb5510f1f011f99b7bcbe17add2fa4b814c3eaa98317bedcff | Triage

Submit
Reports

Overview

overview

Static

static

Aqua.arm4.elf

debian-9-armhf

7

Sharing

General

Target

Aqua.arm4.elf
Size

75KB
Sample

241229-stphestqfq
MD5

1bdee3e996663d5ffe57d829d6035237
SHA1

d76f42f94c61a10e5ca5f51a7f1e2cda8d09d076
SHA256

66724c958e27e1eb5510f1f011f99b7bcbe17add2fa4b814c3eaa98317bedcff
SHA512

a599c8cb9d664835b760ed1735e3a27f3209c8cf07c189457a6d521a6466b52b2e6a77be421aa4a9588791a215bc30b8a9f6d05d92aef3d4f13e4803beaa2ead
SSDEEP

1536:Dwfv0c9K043hiw66vn/OMIuztV+wlOqtKTmIWSSPaNltRqSim:DwfvKJmMN6ehk

Score

10^/10

mirai botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Aqua.arm4.elf

Resource

debian9-armhf-20240729-en

debian-9-armhf

5 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

89.190.156.145

Targets

- Target
  
  Aqua.arm4.elf
- Size
  
  75KB
- MD5
  
  1bdee3e996663d5ffe57d829d6035237
- SHA1
  
  d76f42f94c61a10e5ca5f51a7f1e2cda8d09d076
- SHA256
  
  66724c958e27e1eb5510f1f011f99b7bcbe17add2fa4b814c3eaa98317bedcff
- SHA512
  
  a599c8cb9d664835b760ed1735e3a27f3209c8cf07c189457a6d521a6466b52b2e6a77be421aa4a9588791a215bc30b8a9f6d05d92aef3d4f13e4803beaa2ead
- SSDEEP
  
  1536:Dwfv0c9K043hiw66vn/OMIuztV+wlOqtKTmIWSSPaNltRqSim:DwfvKJmMN6ehk
Score

7^/10

discovery
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy