mirai | 5f41c88490504afd0d3f3a7dd57a250fa7a32283e19607d23fdfd847d8f9cf38 | Triage

Submit
Reports

Overview

overview

Static

static

5

ff9e993a93...a5.elf

ubuntu-22.04-amd64

Sharing

General

Target

b51646a8513eeee446c6291d0783a654.bin
Size

34KB
Sample

241230-b6eejstpbk
MD5

a806a8089cac6826974cde44adbee074
SHA1

fc1f26a0ba2ef2e2f6ffec83c56decd50534b2b3
SHA256

5f41c88490504afd0d3f3a7dd57a250fa7a32283e19607d23fdfd847d8f9cf38
SHA512

5dfefb0cff370760cf17d6d781e683ce7d2aeb1802a3bcda967e8bcc23b6bd301d687a77af2b95142a7cf9ec9b39dd1db21f09f862ba9dbab9c5ab472aa472dc
SSDEEP

768:U+AoqJ1ZF96MVXDLQL8d3bVlS1WoLZhai:6o4WMV3Qwd3bvOWoLZZ

Score

10^/10

mirai unstable botnet defense_evasion discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff9e993a9375a2b6a099fd8ddcd201e1e50c75b47020576513f2068605b4dea5.elf

Resource

ubuntu2204-amd64-20240611-en

mirai unstable botnet defense_evasion discovery

ubuntu-22.04-amd64

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  ff9e993a9375a2b6a099fd8ddcd201e1e50c75b47020576513f2068605b4dea5.elf
- Size
  
  35KB
- MD5
  
  b51646a8513eeee446c6291d0783a654
- SHA1
  
  80539eb3962e6588041e78785947b6ebe34f5ce2
- SHA256
  
  ff9e993a9375a2b6a099fd8ddcd201e1e50c75b47020576513f2068605b4dea5
- SHA512
  
  7a767042004dd70f8e8cc520cbc24ad138d392cd25cc34af138d70d1ea25a2d394653cd66b7678b3783ed7479c6bed3e063185fb6d310f108f88da963d88f077
- SSDEEP
  
  768:m4/GG5zY0VG0zQbHkMwWYoLehOnpLbmonVp8WsoQ3kVnbcuyD7Ufyqm:h1zY0c0zujwWYl0RbmQL8WsRgnouy8qF
Score

10^/10

mirai unstable botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (191417) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdefense_evasiondiscovery

© 2018-2025

Terms | Privacy