General
-
Target
0ede5fe6fc280fd897bfafe958262eae21f5e866aa7fbc0c74aaf4a3e9ec3237.elf
-
Size
79KB
-
Sample
250103-dtmw9sxlfv
-
MD5
793608dcc966f10f356cc0c84b68f618
-
SHA1
7042c74fc2ef1c8acdb11e020348d66b0c0a65ec
-
SHA256
0ede5fe6fc280fd897bfafe958262eae21f5e866aa7fbc0c74aaf4a3e9ec3237
-
SHA512
b49664b0cc0848ac96a1cc3d1a99e35e57158499b5b77f2c74d737eb39a1987ea33a198ab58f8a15ca6417f8a8c5003aff98464a9524d4f192e3d4674a7fb911
-
SSDEEP
1536:jEZ7dF3Nw8V/OjhJgpZqLKfFVb5/QR6qngwfR6eeiTzrcL1RPSnReSNESw3SVXF:jUdRa8VQHgp9FVSR60gw1XTza1RPS8SN
Behavioral task
behavioral1
Sample
0ede5fe6fc280fd897bfafe958262eae21f5e866aa7fbc0c74aaf4a3e9ec3237.elf
Resource
ubuntu1804-amd64-20240611-en
Malware Config
Extracted
mirai
MIRAI
Targets
-
Deletes itself
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files. Likely to achieve persistence.
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    XDG Autostart Entries (1)
  Create or Modify System Process (1)
    Systemd Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    XDG Autostart Entries (1)
  Create or Modify System Process (1)
    Systemd Service (1)