General
Target: arm5.elf
Size: 81KB
Sample: 250101-v9en9sxrcl
MD5: 8114773b3827da1450fa61dda0679c8b
SHA1: db663b5e80ce27edbb3d06b81bca78b45cc5b1dc
SHA256: b6720048ed8dc114296bb3007adca57f649247dddadde777b00019aaadd1d360
SHA512: c7c86749ad2c4395ba5d9156fe271d6522406245fba31f3febc57b451cdc70ba070b7652bf753c534c0d51b8c1460bff9cca4ea93023521a3f1957280bd71aa8
SSDEEP: 1536:ih+1IWRBh2N3+SDY/uFMPpa/C4fNXAVBhhl8Xx4UngTBgl:ih+ba0dBa/CaVAVbhlCOTSl
Behavioral task
behavioral1
Sample: arm5.elf
Resource: debian9-armhf-20240729-en
Malware Config
Extracted
mirai
MIRAI
Targets
-
Deletes itself
-
Deletes system logs
Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds or modifies systemd service files, likely to achieve persistence.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
XDG Autostart Entries: 1
Create or Modify System Process: 1
Systemd Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
XDG Autostart Entries: 1
Create or Modify System Process: 1
Systemd Service: 1