mirai | 504eb40189921f74d9e7043632097025ebdecc6829469327cea12822f49a082b | Triage

Sharing

General

Target

meth2.elf
Size

49KB
Sample

250114-ql8vzs1lhk
MD5

3cd4c06f316a9414d46278cec0057df2
SHA1

3e195cb5c3270af4ed4bc7856924f8a43427afeb
SHA256

504eb40189921f74d9e7043632097025ebdecc6829469327cea12822f49a082b
SHA512

009bcaaf62aeac8226c8c2315765f30c3464a9c7f743b51e0774e172765b1bc1711cdae101bbfd50b5d6f0bbe0633837284aeabdbd935eaf28f240ac5623d797
SSDEEP

1536:z2Cjz+rGHUo+iwYRkCwchfD1oPtAFQPfkq:Vj6iHUmwYqk1oPtjfk

Score

10^/10

mirai botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  meth2.elf
- Size
  
  49KB
- MD5
  
  3cd4c06f316a9414d46278cec0057df2
- SHA1
  
  3e195cb5c3270af4ed4bc7856924f8a43427afeb
- SHA256
  
  504eb40189921f74d9e7043632097025ebdecc6829469327cea12822f49a082b
- SHA512
  
  009bcaaf62aeac8226c8c2315765f30c3464a9c7f743b51e0774e172765b1bc1711cdae101bbfd50b5d6f0bbe0633837284aeabdbd935eaf28f240ac5623d797
- SSDEEP
  
  1536:z2Cjz+rGHUo+iwYRkCwchfD1oPtAFQPfkq:Vj6iHUmwYqk1oPtjfk
Score

9^/10

defense_evasion discovery
- Contacts a large (113615) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery