Overview

overview

10

Static

static

10

arm7.elf

debian-9-armhf

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    arm7.elf

  • Size

    168KB

  • Sample

    250101-vcjlyswlam

  • MD5

    ef90af569e453a92b2c8eb37ac23a2af

  • SHA1

    8e943eaf470af530503694488208a551aa86f515

  • SHA256

    c834b13a679d369fbd24886bfd6232c895627ebb1c63e7c8642b568e1f7ffffe

  • SHA512

    bab4294612a0f5690ae465af1aefcbc8992ff0590d6a15068095b9e36dbfd731c3fbe1f0840185f185f5caea127d97f75077572f289b9d278f83576b38852d4a

  • SSDEEP

    3072:8qwG+C1QT6mXRfDUnhaRkZzOQEfcl/lawSosRMDh7WOagM/9regU9:8qwG1mBf4haRkZzOQE0l/Qw0qh7WOhMA

Score
10/10
miraimiraidefense_evasiondiscoveryexecutionpersistenceprivilege_escalation

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      arm7.elf

    • Size

      168KB

    • MD5

      ef90af569e453a92b2c8eb37ac23a2af

    • SHA1

      8e943eaf470af530503694488208a551aa86f515

    • SHA256

      c834b13a679d369fbd24886bfd6232c895627ebb1c63e7c8642b568e1f7ffffe

    • SHA512

      bab4294612a0f5690ae465af1aefcbc8992ff0590d6a15068095b9e36dbfd731c3fbe1f0840185f185f5caea127d97f75077572f289b9d278f83576b38852d4a

    • SSDEEP

      3072:8qwG+C1QT6mXRfDUnhaRkZzOQEfcl/lawSosRMDh7WOagM/9regU9:8qwG1mBf4haRkZzOQE0l/Qw0qh7WOhMA

    Score
    7/10
    defense_evasiondiscoveryexecutionpersistenceprivilege_escalation

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks