mirai | 56f9f81acb4735ab3a4e0652ded76b3d4fffc1382fad16b9a89d86f2b018fef4 | Triage

Sharing

General

Target

arm5.elf
Size

77KB
Sample

250101-rk2kyszram
MD5

4b09887a801d61eabb31032837d0ddd4
SHA1

61adff60110349551db664dd786c0d7d9fb5b14a
SHA256

56f9f81acb4735ab3a4e0652ded76b3d4fffc1382fad16b9a89d86f2b018fef4
SHA512

210a18ad7bea9e0c1f5fcb4c83fa18fb9d9a36cb0c7615976e827ee3c89cf4dec9147336c0f017fe7c0546b34f5b7053dd9df058d5ce77432451caa471d691cc
SSDEEP

1536:hjeYkWygyvrPuXxf/e0/rWsJgNy2bs4xn3WmWcb:hjeAHVrCsJg02bsaGmTb

Score

10^/10

mirai mirai defense_evasion evasion

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  arm5.elf
- Size
  
  77KB
- MD5
  
  4b09887a801d61eabb31032837d0ddd4
- SHA1
  
  61adff60110349551db664dd786c0d7d9fb5b14a
- SHA256
  
  56f9f81acb4735ab3a4e0652ded76b3d4fffc1382fad16b9a89d86f2b018fef4
- SHA512
  
  210a18ad7bea9e0c1f5fcb4c83fa18fb9d9a36cb0c7615976e827ee3c89cf4dec9147336c0f017fe7c0546b34f5b7053dd9df058d5ce77432451caa471d691cc
- SSDEEP
  
  1536:hjeYkWygyvrPuXxf/e0/rWsJgNy2bs4xn3WmWcb:hjeAHVrCsJg02bsaGmTb
Score

7^/10

defense_evasion evasion
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionevasion