mirai | ba2ce8b68bb705943865c6f17f48c5e43fec538f60da3520dda472eabd95501d | Triage

Sharing

General

Target

arm4.elf
Size

51KB
Sample

250106-3feq6svmcj
MD5

7a3d9a80bfc1d02843f53451aaba4756
SHA1

21f667c87ddfd22b53306a873608b6586dc8fe39
SHA256

ba2ce8b68bb705943865c6f17f48c5e43fec538f60da3520dda472eabd95501d
SHA512

6cc9c98d7bb73881438cf4f101ca0e265593e149499febc393060b2d6a23761e52e663eda49838abb2385dc6d4f1586992be67b04e4d1f0d0ae2ffc0c405a06e
SSDEEP

768:02SvB6x0u+o5a/QLLVP4t55YjyixOpMoi6oZkHPbzZHrz7h5/NPoBQw6vz8:rgBk0oLVs5WjyikpdoZkvvVX+Bg4

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  arm4.elf
- Size
  
  51KB
- MD5
  
  7a3d9a80bfc1d02843f53451aaba4756
- SHA1
  
  21f667c87ddfd22b53306a873608b6586dc8fe39
- SHA256
  
  ba2ce8b68bb705943865c6f17f48c5e43fec538f60da3520dda472eabd95501d
- SHA512
  
  6cc9c98d7bb73881438cf4f101ca0e265593e149499febc393060b2d6a23761e52e663eda49838abb2385dc6d4f1586992be67b04e4d1f0d0ae2ffc0c405a06e
- SSDEEP
  
  768:02SvB6x0u+o5a/QLLVP4t55YjyixOpMoi6oZkHPbzZHrz7h5/NPoBQw6vz8:rgBk0oLVs5WjyikpdoZkvvVX+Bg4
Score

9^/10

defense_evasion discovery
- Contacts a large (112588) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery