General
Target: arm7.elf
Size: 168KB
Sample: 241231-zapgmszqbk
MD5: f79e1a6215aa503b778a36ae1d9adebd
SHA1: 9c07d0922b3c30fccfc31cf335e459008817de3c
SHA256: 312e3eb0decead7f6c7bc08ccb39ebbf05a5f2013ed909883666ca91b9f11f4e
SHA512: 278a1fceb4fb4f86c62bea4b1bb520f744725380e650563bddcd0bf458743dd3eb46cbe2254bf4b1fd5880c324ffce10f46c51d0c4dbd9e15bd3c48276fa44b4
SSDEEP: 3072:UzZWl31/Tszb5Z16GayLZHjQQdfGtjv3vsgWIgzYBJM/9FCyPY:UzZW8z1Z0GayLZHjQQRGtjsDIgzYrM/+
Behavioral task: behavioral1
Sample: arm7.elf
Resource: debian12-armhf-20240729-en
Malware Config
Extracted
mirai
MIRAI
Targets
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
XDG Autostart Entries (1)
Create or Modify System Process (1)
Systemd Service (1)