mirai | 312e3eb0decead7f6c7bc08ccb39ebbf05a5f2013ed909883666ca91b9f11f4e | Triage

Sharing

General

Target

312e3eb0decead7f6c7bc08ccb39ebbf05a5f2013ed909883666ca91b9f11f4e.elf
Size

168KB
Sample

250101-cstgzs1kfw
MD5

f79e1a6215aa503b778a36ae1d9adebd
SHA1

9c07d0922b3c30fccfc31cf335e459008817de3c
SHA256

312e3eb0decead7f6c7bc08ccb39ebbf05a5f2013ed909883666ca91b9f11f4e
SHA512

278a1fceb4fb4f86c62bea4b1bb520f744725380e650563bddcd0bf458743dd3eb46cbe2254bf4b1fd5880c324ffce10f46c51d0c4dbd9e15bd3c48276fa44b4
SSDEEP

3072:UzZWl31/Tszb5Z16GayLZHjQQdfGtjv3vsgWIgzYBJM/9FCyPY:UzZW8z1Z0GayLZHjQQRGtjsDIgzYrM/+

Score

10^/10

mirai mirai credential_access discovery execution

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  312e3eb0decead7f6c7bc08ccb39ebbf05a5f2013ed909883666ca91b9f11f4e.elf
- Size
  
  168KB
- MD5
  
  f79e1a6215aa503b778a36ae1d9adebd
- SHA1
  
  9c07d0922b3c30fccfc31cf335e459008817de3c
- SHA256
  
  312e3eb0decead7f6c7bc08ccb39ebbf05a5f2013ed909883666ca91b9f11f4e
- SHA512
  
  278a1fceb4fb4f86c62bea4b1bb520f744725380e650563bddcd0bf458743dd3eb46cbe2254bf4b1fd5880c324ffce10f46c51d0c4dbd9e15bd3c48276fa44b4
- SSDEEP
  
  3072:UzZWl31/Tszb5Z16GayLZHjQQdfGtjv3vsgWIgzYBJM/9FCyPY:UzZW8z1Z0GayLZHjQQRGtjsDIgzYrM/+
Score

5^/10

credential_access discovery execution
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryexecution