mirai | ae9421654fd6cbd8ddbf85ba86c8a69bcdeea6a4636f8d70a4a5b0a9d7dbabf4 | Triage

Sharing

General

Target

ae9421654fd6cbd8ddbf85ba86c8a69bcdeea6a4636f8d70a4a5b0a9d7dbabf4.elf
Size

62KB
Sample

250202-ffqr4swncv
MD5

74245827038cff4516dd63a9f7ffd2e9
SHA1

8e718e98a7adc1977bd2a6b98664952a14434bd9
SHA256

ae9421654fd6cbd8ddbf85ba86c8a69bcdeea6a4636f8d70a4a5b0a9d7dbabf4
SHA512

08865640725d01dc8731afcc69e9a2e26c8b41172cf2ea41bcc852295bc283fed88c984080174fa43727d99c021117808a384902cb4713a445ee313ba762ac0f
SSDEEP

768:icPMINixzSfNNgDwexT5t4qaRHwRUYt9I8HnKfQuRYlyB5BOBaB1BcBzBB/0KXyV:dNp0DwET5Iv6p0KXyGkc1z97pk

Score

10^/10

mirai defense_evasion

Malware Config

Targets

- Target
  
  ae9421654fd6cbd8ddbf85ba86c8a69bcdeea6a4636f8d70a4a5b0a9d7dbabf4.elf
- Size
  
  62KB
- MD5
  
  74245827038cff4516dd63a9f7ffd2e9
- SHA1
  
  8e718e98a7adc1977bd2a6b98664952a14434bd9
- SHA256
  
  ae9421654fd6cbd8ddbf85ba86c8a69bcdeea6a4636f8d70a4a5b0a9d7dbabf4
- SHA512
  
  08865640725d01dc8731afcc69e9a2e26c8b41172cf2ea41bcc852295bc283fed88c984080174fa43727d99c021117808a384902cb4713a445ee313ba762ac0f
- SSDEEP
  
  768:icPMINixzSfNNgDwexT5t4qaRHwRUYt9I8HnKfQuRYlyB5BOBaB1BcBzBB/0KXyV:dNp0DwET5Iv6p0KXyGkc1z97pk
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion