mirai | 308d54f453afdd7caf00274721f19ab67fae85f8b11892c5b73284e62589dab0 | Triage

Sharing

General

Target

mpsl.elf
Size

82KB
Sample

250114-ql8vzsypdx
MD5

bc570dcbd5ac0d891130a8d2960a6c45
SHA1

934a7925457ef12fd45bf34164f2dd7cc09616db
SHA256

308d54f453afdd7caf00274721f19ab67fae85f8b11892c5b73284e62589dab0
SHA512

615083096b0ab6cf234b67da6b3391077b410efe25d9e50fbd4a9fb5e14570711243c8d2a3be48f8bc19ee26b9bc94bd2e3df5c0f94bd0d7aea8a7c959b57c75
SSDEEP

1536:8OyXUyQgt0QfA2glfykiszlQEy8Sw8XA05Z54CldZ5F3sSGd42+:8UykisRC3wQldS

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  mpsl.elf
- Size
  
  82KB
- MD5
  
  bc570dcbd5ac0d891130a8d2960a6c45
- SHA1
  
  934a7925457ef12fd45bf34164f2dd7cc09616db
- SHA256
  
  308d54f453afdd7caf00274721f19ab67fae85f8b11892c5b73284e62589dab0
- SHA512
  
  615083096b0ab6cf234b67da6b3391077b410efe25d9e50fbd4a9fb5e14570711243c8d2a3be48f8bc19ee26b9bc94bd2e3df5c0f94bd0d7aea8a7c959b57c75
- SSDEEP
  
  1536:8OyXUyQgt0QfA2glfykiszlQEy8Sw8XA05Z54CldZ5F3sSGd42+:8UykisRC3wQldS
Score

9^/10

defense_evasion discovery
- Contacts a large (93233) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery