mirai | 801c99e4f98a563c705771a06ef9290c3f1b262cec82e521a2f3f39641512e5f | Triage

Sharing

General

Target

801c99e4f98a563c705771a06ef9290c3f1b262cec82e521a2f3f39641512e5f.elf
Size

103KB
Sample

250107-cy141ssjeq
MD5

ade42a2e91917e954524de04d1e3d86e
SHA1

a642bd1688b2758ccfe482fc467d6555f512141f
SHA256

801c99e4f98a563c705771a06ef9290c3f1b262cec82e521a2f3f39641512e5f
SHA512

2a4d2b577a6dda726670563dd9c6703579dfa2c9c53b98839d5adf9e0c85a1fbe3334257022f5337ee962d44625c7278af03b0ca704b82afd4fea9be5b588c94
SSDEEP

1536:zO9Bm/RtCZiqr33Dc48uuwr7CFKygt6c9e8WDC1ieMbFQIg:yBm/zCZiyn448uuPRgt6c9e8YC1GFQP

Score

10^/10

mirai mirai defense_evasion discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  801c99e4f98a563c705771a06ef9290c3f1b262cec82e521a2f3f39641512e5f.elf
- Size
  
  103KB
- MD5
  
  ade42a2e91917e954524de04d1e3d86e
- SHA1
  
  a642bd1688b2758ccfe482fc467d6555f512141f
- SHA256
  
  801c99e4f98a563c705771a06ef9290c3f1b262cec82e521a2f3f39641512e5f
- SHA512
  
  2a4d2b577a6dda726670563dd9c6703579dfa2c9c53b98839d5adf9e0c85a1fbe3334257022f5337ee962d44625c7278af03b0ca704b82afd4fea9be5b588c94
- SSDEEP
  
  1536:zO9Bm/RtCZiqr33Dc48uuwr7CFKygt6c9e8WDC1ieMbFQIg:yBm/zCZiyn448uuPRgt6c9e8YC1GFQP
Score

7^/10

defense_evasion discovery evasion persistence privilege_escalation
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceprivilege_escalation