mirai | 032cf8eb1b8ef8bbae9d5a68aca6221cc92f344fe1e81ba47d506d85dc9c1499 | Triage

Sharing

General

Target

mips
Size

103KB
Sample

250101-rrv2ra1kbm
MD5

da68cb651d48d11bf83a598925a6ed52
SHA1

c262e4c03601cc039c4671c2da5f9339c5c8fd16
SHA256

032cf8eb1b8ef8bbae9d5a68aca6221cc92f344fe1e81ba47d506d85dc9c1499
SHA512

c4d83a2250f4244afe30f55be5e740c2b47f68adfc358ebd686e5a4e994e6b015c630511df90998153cfd94c89bacefd200fcb2c1bedf3616dc390a087a856c7
SSDEEP

1536:zO9Bm/RtCZiqr33Dc48uuwr7CFKygt6c9e8WDC1ieMbFXIg:yBm/zCZiyn448uuPRgt6c9e8YC1GFXP

Score

10^/10

mirai mirai defense_evasion discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  mips
- Size
  
  103KB
- MD5
  
  da68cb651d48d11bf83a598925a6ed52
- SHA1
  
  c262e4c03601cc039c4671c2da5f9339c5c8fd16
- SHA256
  
  032cf8eb1b8ef8bbae9d5a68aca6221cc92f344fe1e81ba47d506d85dc9c1499
- SHA512
  
  c4d83a2250f4244afe30f55be5e740c2b47f68adfc358ebd686e5a4e994e6b015c630511df90998153cfd94c89bacefd200fcb2c1bedf3616dc390a087a856c7
- SSDEEP
  
  1536:zO9Bm/RtCZiqr33Dc48uuwr7CFKygt6c9e8WDC1ieMbFXIg:yBm/zCZiyn448uuPRgt6c9e8YC1GFXP
Score

7^/10

defense_evasion discovery evasion persistence privilege_escalation
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceprivilege_escalation