mirai | d82ad962ffe30135a0eeacc183a0742fa975efbe8349bf4dafc1627e6ff047a7 | Triage

Sharing

General

Target

mips.elf
Size

103KB
Sample

250101-wlvw1synhp
MD5

d97c54c008841825d8db6a8587b868ca
SHA1

a77a0cec98ad915fb7975790e518fe44371f9bdc
SHA256

d82ad962ffe30135a0eeacc183a0742fa975efbe8349bf4dafc1627e6ff047a7
SHA512

07909c669a57086b51f0e9ca80756fd06a0d0ccd1d952f9a086ac47c3b201a44ffd37386cf59a7bf0d1afae902b75803787f03a8880b79ae184cb5de811117fe
SSDEEP

1536:MHtBG/R9COCab33DsIDQ+ew7LSEKi9aV9hT2ECJieM7VZ7Mk:CBG/DCOCynoIc+ef49aV9hT/CJGVZ7H

Score

10^/10

mirai mirai defense_evasion discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  mips.elf
- Size
  
  103KB
- MD5
  
  d97c54c008841825d8db6a8587b868ca
- SHA1
  
  a77a0cec98ad915fb7975790e518fe44371f9bdc
- SHA256
  
  d82ad962ffe30135a0eeacc183a0742fa975efbe8349bf4dafc1627e6ff047a7
- SHA512
  
  07909c669a57086b51f0e9ca80756fd06a0d0ccd1d952f9a086ac47c3b201a44ffd37386cf59a7bf0d1afae902b75803787f03a8880b79ae184cb5de811117fe
- SSDEEP
  
  1536:MHtBG/R9COCab33DsIDQ+ew7LSEKi9aV9hT2ECJieM7VZ7Mk:CBG/DCOCynoIc+ef49aV9hT/CJGVZ7H
Score

7^/10

defense_evasion discovery evasion persistence privilege_escalation
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceprivilege_escalation