mirai | 76902492ec92ee429c17602088f826cfefa6519c529ee948bdc621809e4f5247 | Triage

Sharing

General

Target

pecga.arm5.elf
Size

71KB
Sample

250116-w6lh3stncl
MD5

b50cf2aa5d51254555d95a2d3bb0260c
SHA1

8f429d3ac7fe4e7c7d8759a1b35670b1479d5482
SHA256

76902492ec92ee429c17602088f826cfefa6519c529ee948bdc621809e4f5247
SHA512

eb0062298003afb9ae14b92c37f63185ed25f18ad5260603034487c2e2594b12ab3ad8bebf4975fcc2a090d6b644eaea2cba76cad3a9c5caad30092e99fbe108
SSDEEP

1536:cBR8D6qP2t5eOD6ilbYp3WpyeGqF1v+XE5obk:cBtD6QbY2yeGgmXRb

Score

10^/10

mirai unstable defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  pecga.arm5.elf
- Size
  
  71KB
- MD5
  
  b50cf2aa5d51254555d95a2d3bb0260c
- SHA1
  
  8f429d3ac7fe4e7c7d8759a1b35670b1479d5482
- SHA256
  
  76902492ec92ee429c17602088f826cfefa6519c529ee948bdc621809e4f5247
- SHA512
  
  eb0062298003afb9ae14b92c37f63185ed25f18ad5260603034487c2e2594b12ab3ad8bebf4975fcc2a090d6b644eaea2cba76cad3a9c5caad30092e99fbe108
- SSDEEP
  
  1536:cBR8D6qP2t5eOD6ilbYp3WpyeGqF1v+XE5obk:cBtD6QbY2yeGgmXRb
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion