mirai | 4225d0fed3b6f624aa5001401e08180a3c50d9c110d3ba644ab01ec21b9b3c24 | Triage

Sharing

General

Target

mpsl.elf
Size

106KB
Sample

250131-r67zvs1jdj
MD5

342353c382335121f45b9b60f14281d6
SHA1

00261bc8677ce1b9032065f4ed91e3447aae169d
SHA256

4225d0fed3b6f624aa5001401e08180a3c50d9c110d3ba644ab01ec21b9b3c24
SHA512

79e0fa56fe33f69554153bc336907c4dadba33dff7bbd53582192f880c343e4e71f5cf5e0f9a3fe7e2018184350aadbd5b07bf307093732e48532d06ea8294c9
SSDEEP

1536:KqBNhh/i4/6lTP2Rth+UbsIstXdMFWItzfiwZe1c8UNRIMu7G:KqBNhh/i4/6ls2IZtbiw1TNu7

Score

10^/10

mirai unstable defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  mpsl.elf
- Size
  
  106KB
- MD5
  
  342353c382335121f45b9b60f14281d6
- SHA1
  
  00261bc8677ce1b9032065f4ed91e3447aae169d
- SHA256
  
  4225d0fed3b6f624aa5001401e08180a3c50d9c110d3ba644ab01ec21b9b3c24
- SHA512
  
  79e0fa56fe33f69554153bc336907c4dadba33dff7bbd53582192f880c343e4e71f5cf5e0f9a3fe7e2018184350aadbd5b07bf307093732e48532d06ea8294c9
- SSDEEP
  
  1536:KqBNhh/i4/6lTP2Rth+UbsIstXdMFWItzfiwZe1c8UNRIMu7G:KqBNhh/i4/6ls2IZtbiw1TNu7
Score

7^/10

defense_evasion discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery