mirai | 2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e | Triage

Submit
Reports

Overview

overview

Static

static

Aqua.arm5.elf

debian-9-armhf

7

Sharing

General

Target

Aqua.arm5.elf
Size

73KB
Sample

241231-ndpe9sxphv
MD5

a81b3e1b08e1dd38ed320248960f0a22
SHA1

e6caa95820ed9a3ac2721bb35d5141b95f58bb6f
SHA256

2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e
SHA512

5b492fd9d7023140c05e1160e5b8b911e20a7b560942a348cce369d79d72e715c22f84bd21b050cca9a341967dc3305c3e3cb517ebecce8b8bd12dab2a651a82
SSDEEP

1536:0ywMg00kq9ASzNW1vUTYM5ONh5TmM0FHzwUhIuSim:0ywWjSgvUUbw5zD2

Score

10^/10

mirai botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Aqua.arm5.elf

Resource

debian9-armhf-20240611-en

debian-9-armhf

5 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

89.190.156.145

Targets

- Target
  
  Aqua.arm5.elf
- Size
  
  73KB
- MD5
  
  a81b3e1b08e1dd38ed320248960f0a22
- SHA1
  
  e6caa95820ed9a3ac2721bb35d5141b95f58bb6f
- SHA256
  
  2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e
- SHA512
  
  5b492fd9d7023140c05e1160e5b8b911e20a7b560942a348cce369d79d72e715c22f84bd21b050cca9a341967dc3305c3e3cb517ebecce8b8bd12dab2a651a82
- SSDEEP
  
  1536:0ywMg00kq9ASzNW1vUTYM5ONh5TmM0FHzwUhIuSim:0ywWjSgvUUbw5zD2
Score

7^/10

discovery
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy