mirai | b0d4c5f574262235ac9b84f14ab01c858aed158598ac0eac7b9c1197921429e6 | Triage

Sharing

General

Target

b0d4c5f574262235ac9b84f14ab01c858aed158598ac0eac7b9c1197921429e6.elf
Size

69KB
Sample

250131-eze92szrbj
MD5

06a0e480553dcba02700112a8baaf7a0
SHA1

414940006664c111fcc85af639e20384abd91a0e
SHA256

b0d4c5f574262235ac9b84f14ab01c858aed158598ac0eac7b9c1197921429e6
SHA512

9fee8b4c2083a18e96a025c04aea3dd640ed2490e3ffaa05edfa588e1600496c9e7554e2db2657292eb08afa0be75f73eda1db1dd0ab013ec6d346bfadcc160b
SSDEEP

1536:wUfDlg8BuA1D+v49jqIRWlXianBELKUngyZHsRrAWSC:wULlg8BuAWOUlXDnBHUn3ZMtV

Score

10^/10

mirai unstable defense_evasion discovery linux persistence privilege_escalation

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

dkdrlahhwlxptmxm2.p-e.kr

Targets

- Target
  
  b0d4c5f574262235ac9b84f14ab01c858aed158598ac0eac7b9c1197921429e6.elf
- Size
  
  69KB
- MD5
  
  06a0e480553dcba02700112a8baaf7a0
- SHA1
  
  414940006664c111fcc85af639e20384abd91a0e
- SHA256
  
  b0d4c5f574262235ac9b84f14ab01c858aed158598ac0eac7b9c1197921429e6
- SHA512
  
  9fee8b4c2083a18e96a025c04aea3dd640ed2490e3ffaa05edfa588e1600496c9e7554e2db2657292eb08afa0be75f73eda1db1dd0ab013ec6d346bfadcc160b
- SSDEEP
  
  1536:wUfDlg8BuA1D+v49jqIRWlXianBELKUngyZHsRrAWSC:wULlg8BuAWOUlXDnBHUn3ZMtV
Score

7^/10

defense_evasion discovery persistence privilege_escalation
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Deletes itself
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence privilege_escalation defense_evasion
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation