Overview

overview

10

Static

static

10

nabx86.elf

ubuntu-24.04-amd64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nabx86.elf

  • Size

    33KB

  • Sample

    250201-qzv62svjfs

  • MD5

    e51e5ad5ab2f56f44eeee5c3e6383107

  • SHA1

    3190ef741256308fa4f53a4f05c699207515a641

  • SHA256

    ef2c1fb3021bd5fdd2a2a666dfea2129b6c40e7028a950899177c69eadf2c226

  • SHA512

    a5c2ced3712937db0d7ac0779ca33017ac7f5e9fcd5f6f23c9f4ad7042409a95c7a6b32c51ea47b668d305428f66eed3717b7639e800ef074e2bcb999906b785

  • SSDEEP

    768:Tjha+4zu8iCkF3zA1NwZMj+nWZZAxPUmLii:TjhaBaXMHg0+nWZZiMmLii

Score
10/10
miraibotnetdiscoverylinuxrootkit

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      nabx86.elf

    • Size

      33KB

    • MD5

      e51e5ad5ab2f56f44eeee5c3e6383107

    • SHA1

      3190ef741256308fa4f53a4f05c699207515a641

    • SHA256

      ef2c1fb3021bd5fdd2a2a666dfea2129b6c40e7028a950899177c69eadf2c226

    • SHA512

      a5c2ced3712937db0d7ac0779ca33017ac7f5e9fcd5f6f23c9f4ad7042409a95c7a6b32c51ea47b668d305428f66eed3717b7639e800ef074e2bcb999906b785

    • SSDEEP

      768:Tjha+4zu8iCkF3zA1NwZMj+nWZZAxPUmLii:TjhaBaXMHg0+nWZZiMmLii

    Score
    9/10
    discoveryrootkit

    • Contacts a large (6704) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks