mirai | f014a86843455dc45e2ad0885dad44723f9661d1e75552844ecd1189a891735d | Triage

Sharing

General

Target

hold.x86.elf
Size

65KB
Sample

250119-qcmldsylgw
MD5

417106066914ea3e081cbb7356b1e6a7
SHA1

610599c6f185ddca03c175d9cefa3a4645a4fd17
SHA256

f014a86843455dc45e2ad0885dad44723f9661d1e75552844ecd1189a891735d
SHA512

c65c970ba99a48bef0577091f72e6192a7a4b77733154f51fa10a7cefb0b049de4058c39d2caa4c40b93033e9394701d83c045284cb41bc7c95f340fed133b32
SSDEEP

1536:fVmfE7g9MK/MBxvy4rIrIx3TXtjMUmXe1mam+tfSV:Nmc7g9MK/t+tTtYpu1XBI

Score

10^/10

mirai unstable defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

krkrdoskslansldkalsd.o-r.kr

Targets

- Target
  
  hold.x86.elf
- Size
  
  65KB
- MD5
  
  417106066914ea3e081cbb7356b1e6a7
- SHA1
  
  610599c6f185ddca03c175d9cefa3a4645a4fd17
- SHA256
  
  f014a86843455dc45e2ad0885dad44723f9661d1e75552844ecd1189a891735d
- SHA512
  
  c65c970ba99a48bef0577091f72e6192a7a4b77733154f51fa10a7cefb0b049de4058c39d2caa4c40b93033e9394701d83c045284cb41bc7c95f340fed133b32
- SSDEEP
  
  1536:fVmfE7g9MK/MBxvy4rIrIx3TXtjMUmXe1mam+tfSV:Nmc7g9MK/t+tTtYpu1XBI
Score

7^/10

defense_evasion discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery