mirai | e266570dae1449acf92128e8dccd9694b61e6136d989aaf47300a95120cea9c5 | Triage

Sharing

General

Target

e266570dae1449acf92128e8dccd9694b61e6136d989aaf47300a95120cea9c5.elf
Size

87KB
Sample

250202-frzjdsymfn
MD5

aff50d366158980018254381ec62bbb1
SHA1

09519da0e4dcc4dce6009610c782975830153b8c
SHA256

e266570dae1449acf92128e8dccd9694b61e6136d989aaf47300a95120cea9c5
SHA512

e3089becf7fc8eb8bb597bc45405559a00182fb1ef21b83e04a5c1abf067b0faeb1567729a7b53ebb9eed6d3d8478c3b1c19c4b4e13c2980fc44ff00d77414fa
SSDEEP

1536:8O7tFyZ8aR0aIOBSiDZv9blJoe2mo2xZsOZtsV96mVx:/7tFyeaR0an1bToe5xYV5Vx

Score

10^/10

mirai defense_evasion

Malware Config

Extracted

Family

mirai

C2

kurwa.barsoeb.space

Targets

- Target
  
  e266570dae1449acf92128e8dccd9694b61e6136d989aaf47300a95120cea9c5.elf
- Size
  
  87KB
- MD5
  
  aff50d366158980018254381ec62bbb1
- SHA1
  
  09519da0e4dcc4dce6009610c782975830153b8c
- SHA256
  
  e266570dae1449acf92128e8dccd9694b61e6136d989aaf47300a95120cea9c5
- SHA512
  
  e3089becf7fc8eb8bb597bc45405559a00182fb1ef21b83e04a5c1abf067b0faeb1567729a7b53ebb9eed6d3d8478c3b1c19c4b4e13c2980fc44ff00d77414fa
- SSDEEP
  
  1536:8O7tFyZ8aR0aIOBSiDZv9blJoe2mo2xZsOZtsV96mVx:/7tFyeaR0an1bToe5xYV5Vx
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Traces itself
  Traces itself to prevent debugging attempts
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion