mirai | a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f | Triage

Sharing

General

Target

a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f.elf
Size

71KB
Sample

250202-fd93zawmfw
MD5

4c0725b09a3315b154f27659636ec08a
SHA1

0af8abf486fb04a3cc300c83449de61d98c775b1
SHA256

a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f
SHA512

fd2832b55375ff5091285e9bfc4e8c8478d8028fd40e8f14d6a053ad5bbeb511eead925aea19b33cdda0a851a1b444fd01b42eede96ce1ccc715eff1e4d17c2e
SSDEEP

1536:FQnTL3+lI/A0hBZN86OrhSW1DXMHODMxC6yPimg979l9aigHwJfR5:U+q/pZFuJxXMuDMxC6yPimQWwJ5

Score

10^/10

mirai botnet defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f.elf
- Size
  
  71KB
- MD5
  
  4c0725b09a3315b154f27659636ec08a
- SHA1
  
  0af8abf486fb04a3cc300c83449de61d98c775b1
- SHA256
  
  a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f
- SHA512
  
  fd2832b55375ff5091285e9bfc4e8c8478d8028fd40e8f14d6a053ad5bbeb511eead925aea19b33cdda0a851a1b444fd01b42eede96ce1ccc715eff1e4d17c2e
- SSDEEP
  
  1536:FQnTL3+lI/A0hBZN86OrhSW1DXMHODMxC6yPimg979l9aigHwJfR5:U+q/pZFuJxXMuDMxC6yPimQWwJ5
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion