mirai | fc139908a4cc0fa85ab1415b23e985863b4deb45b8cae876ac4583b58265660c | Triage

Sharing

General

Target

pecga.x86.elf
Size

65KB
Sample

250117-cjzbwazjbl
MD5

2949d884ed9af407513107d67b12d186
SHA1

05d7dd2a6aed675fdf2e6a6acdf90b95351c68cb
SHA256

fc139908a4cc0fa85ab1415b23e985863b4deb45b8cae876ac4583b58265660c
SHA512

deacfde826626d71426a53a5e6bfb8d5afaece11ed8146a82c3dfc0e74a44e8d1a5d2f23294ca19ad02d6c489d487224d4a047c76cc1f60215f99372f590238d
SSDEEP

1536:fVmfE7g9MK/MBxvy43IrIx3TRtvMUmbe1mam+ZfS+:Nmc7g9MK/tytFtUpC1XBv

Score

10^/10

mirai unstable defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

krkrdoskslansldkalsd.o-r.kr

Targets

- Target
  
  pecga.x86.elf
- Size
  
  65KB
- MD5
  
  2949d884ed9af407513107d67b12d186
- SHA1
  
  05d7dd2a6aed675fdf2e6a6acdf90b95351c68cb
- SHA256
  
  fc139908a4cc0fa85ab1415b23e985863b4deb45b8cae876ac4583b58265660c
- SHA512
  
  deacfde826626d71426a53a5e6bfb8d5afaece11ed8146a82c3dfc0e74a44e8d1a5d2f23294ca19ad02d6c489d487224d4a047c76cc1f60215f99372f590238d
- SSDEEP
  
  1536:fVmfE7g9MK/MBxvy43IrIx3TRtvMUmbe1mam+ZfS+:Nmc7g9MK/tytFtUpC1XBv
Score

7^/10

defense_evasion discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery