mirai | 0a4d9003c2abdf4225ec81e7dcd140666972aaebe9801bd9e6dc37ffc82045d6 | Triage

Sharing

General

Target

0a4d9003c2abdf4225ec81e7dcd140666972aaebe9801bd9e6dc37ffc82045d6.elf
Size

51KB
Sample

250107-cgyybs1lbk
MD5

af952190f612aef553c2bf7830eadf6f
SHA1

1c64c4a9152b5b2a28e4cb8c626a3dfedae54c95
SHA256

0a4d9003c2abdf4225ec81e7dcd140666972aaebe9801bd9e6dc37ffc82045d6
SHA512

789cf3de758e43abdb13ac3e99f15f8f611a1e18f3f9053cf59fd832ce3ef1f670f94588b567c3ecc4c710872cd2c84c570f866f2d9b32c77203087ec86175be
SSDEEP

768:ezNRLj5lHjz5NSexhgG8JH885RwgBYoCaUsoN/lZkHP+z/GWrHWhO/NPuBTR6Ldd:aRHXfDuG8nbwgB0hplZkvOh/QBTkc4

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  0a4d9003c2abdf4225ec81e7dcd140666972aaebe9801bd9e6dc37ffc82045d6.elf
- Size
  
  51KB
- MD5
  
  af952190f612aef553c2bf7830eadf6f
- SHA1
  
  1c64c4a9152b5b2a28e4cb8c626a3dfedae54c95
- SHA256
  
  0a4d9003c2abdf4225ec81e7dcd140666972aaebe9801bd9e6dc37ffc82045d6
- SHA512
  
  789cf3de758e43abdb13ac3e99f15f8f611a1e18f3f9053cf59fd832ce3ef1f670f94588b567c3ecc4c710872cd2c84c570f866f2d9b32c77203087ec86175be
- SSDEEP
  
  768:ezNRLj5lHjz5NSexhgG8JH885RwgBYoCaUsoN/lZkHP+z/GWrHWhO/NPuBTR6Ldd:aRHXfDuG8nbwgB0hplZkvOh/QBTkc4
Score

9^/10

defense_evasion discovery
- Contacts a large (103889) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery