mirai | 81ef4b40b3f773c917fca326891db8bd2a93d6a5e70d9af134f2bbb9067b9029 | Triage

Sharing

General

Target

81ef4b40b3f773c917fca326891db8bd2a93d6a5e70d9af134f2bbb9067b9029.elf
Size

148KB
Sample

250202-e7bxlaxmaj
MD5

f42402650bc84560f44093cf853f9775
SHA1

c78599a747c65e2e82837048c5463875a025d6cf
SHA256

81ef4b40b3f773c917fca326891db8bd2a93d6a5e70d9af134f2bbb9067b9029
SHA512

b95c0ceb1ebd831a9234048a220b87ea34db6b4603647b339b60b0f6fd8755bab1d792a2ec749e9dad7f0acfc5f801d3a27f24dd7c575ecad86895e80ae20515
SSDEEP

3072:NAzvfNO6WaLZRgLylU7dGzukTfHegMnM/9HpQZJ2Rp:Y1XWaLZRgLylKd6LHeg0M/9O2Rp

Score

10^/10

mirai defense_evasion

Malware Config

Extracted

Family

mirai

C2

kurwa.barsoeb.space

Targets

- Target
  
  81ef4b40b3f773c917fca326891db8bd2a93d6a5e70d9af134f2bbb9067b9029.elf
- Size
  
  148KB
- MD5
  
  f42402650bc84560f44093cf853f9775
- SHA1
  
  c78599a747c65e2e82837048c5463875a025d6cf
- SHA256
  
  81ef4b40b3f773c917fca326891db8bd2a93d6a5e70d9af134f2bbb9067b9029
- SHA512
  
  b95c0ceb1ebd831a9234048a220b87ea34db6b4603647b339b60b0f6fd8755bab1d792a2ec749e9dad7f0acfc5f801d3a27f24dd7c575ecad86895e80ae20515
- SSDEEP
  
  3072:NAzvfNO6WaLZRgLylU7dGzukTfHegMnM/9HpQZJ2Rp:Y1XWaLZRgLylKd6LHeg0M/9O2Rp
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Traces itself
  Traces itself to prevent debugging attempts
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion