mirai | 22633b8d957952975d5680571716b1c2e5b392516a7218a51f3221af2c71d33a | Triage

Sharing

General

Target

mpsl.elf
Size

106KB
Sample

250106-3fefeavmar
MD5

aa498d8b14dff7783d7f01d4d4c9f8e4
SHA1

94f84785a89ce84f4977178eaf5524c05831832e
SHA256

22633b8d957952975d5680571716b1c2e5b392516a7218a51f3221af2c71d33a
SHA512

0f9b0c5e61c2488f377aaa36ee9e0a89592367770609172bd9f50c311db6faa2d11005b0317795a79bb47e2fa4d37f64147ba62fd8c1fca74c70738db5526f68
SSDEEP

1536:ygXHwnODnP1QGpapwiYiQ/GO4DqUXZSJvD3ZCu3qS9mTcH:y6HwnODnP112nJSVD3zUc

Score

10^/10

mirai mirai defense_evasion discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  mpsl.elf
- Size
  
  106KB
- MD5
  
  aa498d8b14dff7783d7f01d4d4c9f8e4
- SHA1
  
  94f84785a89ce84f4977178eaf5524c05831832e
- SHA256
  
  22633b8d957952975d5680571716b1c2e5b392516a7218a51f3221af2c71d33a
- SHA512
  
  0f9b0c5e61c2488f377aaa36ee9e0a89592367770609172bd9f50c311db6faa2d11005b0317795a79bb47e2fa4d37f64147ba62fd8c1fca74c70738db5526f68
- SSDEEP
  
  1536:ygXHwnODnP1QGpapwiYiQ/GO4DqUXZSJvD3ZCu3qS9mTcH:y6HwnODnP112nJSVD3zUc
Score

7^/10

defense_evasion discovery evasion persistence privilege_escalation
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceprivilege_escalation