mirai | 490567abfb0d2b7426dee90132ed02a7a6d12bfbb7485fcd49becc6cf5e37c4a | Triage

Sharing

General

Target

mips
Size

104KB
Sample

241231-qf6hnstrdj
MD5

672a92c650fc5fc17b196f0cd4609b4c
SHA1

1d60572c83ed8e7314886fec57ff675e4cb4aa3b
SHA256

490567abfb0d2b7426dee90132ed02a7a6d12bfbb7485fcd49becc6cf5e37c4a
SHA512

6f33a9c16f4f4ca817b69f7b28756f2e51ff18050cf2b748472a9a540377d329cff3494f51027997a8a0bafb8f64224562b0c7b0dfe7008e541c938a4cac301b
SSDEEP

1536:krux+7NqaAoyhvrRLHXUz/1c7SM7yHNIz1D5OjysrIreFvqvdNrf:Nx+7gaAokT1Ez/1y+q5D5OjrrIOCvdND

Score

10^/10

mirai mirai defense_evasion discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  mips
- Size
  
  104KB
- MD5
  
  672a92c650fc5fc17b196f0cd4609b4c
- SHA1
  
  1d60572c83ed8e7314886fec57ff675e4cb4aa3b
- SHA256
  
  490567abfb0d2b7426dee90132ed02a7a6d12bfbb7485fcd49becc6cf5e37c4a
- SHA512
  
  6f33a9c16f4f4ca817b69f7b28756f2e51ff18050cf2b748472a9a540377d329cff3494f51027997a8a0bafb8f64224562b0c7b0dfe7008e541c938a4cac301b
- SSDEEP
  
  1536:krux+7NqaAoyhvrRLHXUz/1c7SM7yHNIz1D5OjysrIreFvqvdNrf:Nx+7gaAokT1Ez/1y+q5D5OjrrIOCvdND
Score

7^/10

defense_evasion discovery evasion persistence privilege_escalation
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceprivilege_escalation