mirai | 3179295bcfdfe05649b48bdeb03f86fd72a2c4414da58740ad7e5f881c94cc03 | Triage

Sharing

General

Target

.Sarm.elf
Size

69KB
Sample

250201-zg53zazjgt
MD5

219075688bc6cef9a9ca8867ed6b779a
SHA1

b9441c919cba775ec32ad4d94d02f56b3f100290
SHA256

3179295bcfdfe05649b48bdeb03f86fd72a2c4414da58740ad7e5f881c94cc03
SHA512

b6f13eae7db84aa675465e1b5de0dfe7265c183925c9094902c4bc44d9c88a4462c910bb4a275f23ab3e0938ad76c600090385eefcb48bd766ff5dbd180fa3b7
SSDEEP

1536:oKMsKzlnbkClERF0LPGmSsdV/OQvZ54Lr72muf0vy:oKGZGmSKJZ6n2sy

Score

10^/10

mirai defense_evasion

Malware Config

Extracted

Family

mirai

C2

kurwa.barsoeb.space

Targets

- Target
  
  .Sarm.elf
- Size
  
  69KB
- MD5
  
  219075688bc6cef9a9ca8867ed6b779a
- SHA1
  
  b9441c919cba775ec32ad4d94d02f56b3f100290
- SHA256
  
  3179295bcfdfe05649b48bdeb03f86fd72a2c4414da58740ad7e5f881c94cc03
- SHA512
  
  b6f13eae7db84aa675465e1b5de0dfe7265c183925c9094902c4bc44d9c88a4462c910bb4a275f23ab3e0938ad76c600090385eefcb48bd766ff5dbd180fa3b7
- SSDEEP
  
  1536:oKMsKzlnbkClERF0LPGmSsdV/OQvZ54Lr72muf0vy:oKGZGmSKJZ6n2sy
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Traces itself
  Traces itself to prevent debugging attempts
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion