mirai | 013977ba03fdd2813f040aa0bc68cca0867f077cf8c9841e225cec42e81d3479 | Triage

Submit
Reports

Overview

overview

Static

static

Aqua.arm4.elf

debian-9-armhf

7

Sharing

General

Target

Aqua.arm4.elf
Size

75KB
Sample

241231-paay5szjd1
MD5

721641131718ddf892ca8729261f7a36
SHA1

581fd24649b530a7b2b2142020c933d1fcab1234
SHA256

013977ba03fdd2813f040aa0bc68cca0867f077cf8c9841e225cec42e81d3479
SHA512

32306daadb6b2226e446cdc13e68deaae23f4be71e0dfabf1b9a90f9f1f26960b5e8a3e86ad631161f0da4e320f9f042b7d0449dba45619eca21cca5c85fa00c
SSDEEP

1536:9U+v4c3K0sEl3Lr1WvKnVzOM5OaI1bmC4TJuwiSim:9U+DDb+KnVaft4R

Score

10^/10

mirai botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Aqua.arm4.elf

Resource

debian9-armhf-20240729-en

debian-9-armhf

5 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

89.190.156.145

Targets

- Target
  
  Aqua.arm4.elf
- Size
  
  75KB
- MD5
  
  721641131718ddf892ca8729261f7a36
- SHA1
  
  581fd24649b530a7b2b2142020c933d1fcab1234
- SHA256
  
  013977ba03fdd2813f040aa0bc68cca0867f077cf8c9841e225cec42e81d3479
- SHA512
  
  32306daadb6b2226e446cdc13e68deaae23f4be71e0dfabf1b9a90f9f1f26960b5e8a3e86ad631161f0da4e320f9f042b7d0449dba45619eca21cca5c85fa00c
- SSDEEP
  
  1536:9U+v4c3K0sEl3Lr1WvKnVzOM5OaI1bmC4TJuwiSim:9U+DDb+KnVaft4R
Score

7^/10

discovery
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy