mirai | ed733c82d3ca7a723b70a9864d5bc5032b25f1dfc58c64e66ded9faa752601b9 | Triage

Sharing

General

Target

kwari.arm7.elf
Size

128KB
Sample

241230-yn5kcawmap
MD5

ef2b38e07055abea6572ef5ec4d3f84f
SHA1

e1cbb758ceb4883129611f5f45948f985492f50f
SHA256

ed733c82d3ca7a723b70a9864d5bc5032b25f1dfc58c64e66ded9faa752601b9
SHA512

6d02841018b77a59f0d5d1b6c114694737a8c69a0658412714561506faab94f8f15c077dc8a35aaceb349cbb10f85f587c98996fa526f338902a1f8c649f40fe
SSDEEP

3072:b2N8tJc98/uHv8BFVlX0CTgb7SzM/9Lqfe:yNgcGuHv8BF7X0rb7GM/9Wfe

Score

10^/10

mirai kaizen defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KAIZEN

Targets

- Target
  
  kwari.arm7.elf
- Size
  
  128KB
- MD5
  
  ef2b38e07055abea6572ef5ec4d3f84f
- SHA1
  
  e1cbb758ceb4883129611f5f45948f985492f50f
- SHA256
  
  ed733c82d3ca7a723b70a9864d5bc5032b25f1dfc58c64e66ded9faa752601b9
- SHA512
  
  6d02841018b77a59f0d5d1b6c114694737a8c69a0658412714561506faab94f8f15c077dc8a35aaceb349cbb10f85f587c98996fa526f338902a1f8c649f40fe
- SSDEEP
  
  3072:b2N8tJc98/uHv8BFVlX0CTgb7SzM/9Lqfe:yNgcGuHv8BF7X0rb7GM/9Wfe
Score

9^/10

defense_evasion discovery
- Contacts a large (342908) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery