mirai | dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5 | Triage

Sharing

General

Target

meth1.elf
Size

44KB
Sample

250114-qmv1hsypfz
MD5

b2ce46e698f84bbbd7e140fc17f0da2a
SHA1

79b4efc7244acbb5f3bf72994db77b7033e639ef
SHA256

dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5
SHA512

cc81dafa315c2e5e33f534687a323bda80dac082cb05ba117f7e22e21006a142d5d2c15aff792e58f0c5b36bbfba446bd9b114fa789b13f07efeaf28a3f5bca0
SSDEEP

768:JDpazul5ouhJSaHWut0mf1Ywcm4l1AEcx9FX59fcjy53bOwYmzs:JDpazul5ouhAhuNff4l1AEqTfcjA36v9

Score

10^/10

mirai botnet discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  meth1.elf
- Size
  
  44KB
- MD5
  
  b2ce46e698f84bbbd7e140fc17f0da2a
- SHA1
  
  79b4efc7244acbb5f3bf72994db77b7033e639ef
- SHA256
  
  dac62134c0c6dc64b948b93139043763f50924a41f65352be35557c1066df5f5
- SHA512
  
  cc81dafa315c2e5e33f534687a323bda80dac082cb05ba117f7e22e21006a142d5d2c15aff792e58f0c5b36bbfba446bd9b114fa789b13f07efeaf28a3f5bca0
- SSDEEP
  
  768:JDpazul5ouhJSaHWut0mf1Ywcm4l1AEcx9FX59fcjy53bOwYmzs:JDpazul5ouhAhuNff4l1AEqTfcjA36v9
Score

9^/10

discovery rootkit
- Contacts a large (113615) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit