mirai | ed7382c3202bca5f149c0143154468f62cd4b98b43254981f52d7f25a32d563b | Triage

Sharing

General

Target

arm5.elf
Size

51KB
Sample

250115-r6ey3sxkhm
MD5

ba90717e35e660c77f5eed6441b2f9c4
SHA1

c2b874723e5802b8ae6dd73388dd018d094904dc
SHA256

ed7382c3202bca5f149c0143154468f62cd4b98b43254981f52d7f25a32d563b
SHA512

aa45053da98c83f99612d415e5b017727176f3baba5ead285a4c0446a28dc5df3872bc9aa39cef2e1f249d6ef34bd9d8b0ba25137db5688b7383661c3a6964f4
SSDEEP

768:q3ltpsNJvJkRbX8lF9nN+xVM+wJqRXHUnoocH+ZkHPESOrhS9X2/NPOBzGkUzg:6tYJwS9nNWTwJ6XHUn6+ZkvJQtYBas

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  arm5.elf
- Size
  
  51KB
- MD5
  
  ba90717e35e660c77f5eed6441b2f9c4
- SHA1
  
  c2b874723e5802b8ae6dd73388dd018d094904dc
- SHA256
  
  ed7382c3202bca5f149c0143154468f62cd4b98b43254981f52d7f25a32d563b
- SHA512
  
  aa45053da98c83f99612d415e5b017727176f3baba5ead285a4c0446a28dc5df3872bc9aa39cef2e1f249d6ef34bd9d8b0ba25137db5688b7383661c3a6964f4
- SSDEEP
  
  768:q3ltpsNJvJkRbX8lF9nN+xVM+wJqRXHUnoocH+ZkHPESOrhS9X2/NPOBzGkUzg:6tYJwS9nNWTwJ6XHUn6+ZkvJQtYBas
Score

9^/10

defense_evasion discovery
- Contacts a large (107737) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery