mirai | 38dda6d58ce21c4ac1d1f72e0b8721be0a944ea8669b60fa6772622b1098a816 | Triage

Sharing

General

Target

x86_64.elf
Size

76KB
Sample

250131-r3kedszrbq
MD5

e0c97162b569c195d2977c041f33531f
SHA1

a5a5b4aaa7074aab71308e4b4a7f0f5eefbcebc1
SHA256

38dda6d58ce21c4ac1d1f72e0b8721be0a944ea8669b60fa6772622b1098a816
SHA512

20a8fcd1b3eff7cd18c04e384dd15dc8239a320a85e8b4ea15e594c32020f7c73b3d737439c19626520f2e255432593fc0264d91d47bfe5e970efd83a87ed0dd
SSDEEP

1536:ZA09XUYb8I7pliVKd0EbLjZWeqfh3X1mmeqYobYEW+uwIOTXDHSHC2gg:h9Xxz7pwQ9vZWemX1mmvYEgwI8WHC2gg

Score

10^/10

mirai unstable defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

cnc.stressamp.com

Targets

- Target
  
  x86_64.elf
- Size
  
  76KB
- MD5
  
  e0c97162b569c195d2977c041f33531f
- SHA1
  
  a5a5b4aaa7074aab71308e4b4a7f0f5eefbcebc1
- SHA256
  
  38dda6d58ce21c4ac1d1f72e0b8721be0a944ea8669b60fa6772622b1098a816
- SHA512
  
  20a8fcd1b3eff7cd18c04e384dd15dc8239a320a85e8b4ea15e594c32020f7c73b3d737439c19626520f2e255432593fc0264d91d47bfe5e970efd83a87ed0dd
- SSDEEP
  
  1536:ZA09XUYb8I7pliVKd0EbLjZWeqfh3X1mmeqYobYEW+uwIOTXDHSHC2gg:h9Xxz7pwQ9vZWemX1mmvYEgwI8WHC2gg
Score

7^/10

defense_evasion discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery