mirai | e5cb7442c1e2bc9a59fd9115694d65a6ae89dade2cb723e08f51a2e4ef3b3a26 | Triage

Sharing

General

Target

e5cb7442c1e2bc9a59fd9115694d65a6ae89dade2cb723e08f51a2e4ef3b3a26.elf
Size

87KB
Sample

250202-fsxfesynbp
MD5

2f845405d6a5a305e6bc84b82353ae81
SHA1

4bae25c4681d8547f6e11a846bc4ccc4c79060e5
SHA256

e5cb7442c1e2bc9a59fd9115694d65a6ae89dade2cb723e08f51a2e4ef3b3a26
SHA512

f837d28bce8324b06be46793277e5b9c663e79f4a113e7799a52e7dcce8d5ca7b55111ac91d7f4adbbe7841a2f64ffe7f58778d1a8a7bbbc73f89b05bc1c9c92
SSDEEP

1536:jLTxVP+Yrl/sqNYHjdLMD55Ksedksba5oaivWe5QoZg:/TxZ+YZnassfba5oaSYou

Score

10^/10

mirai defense_evasion

Malware Config

Extracted

Family

mirai

C2

kurwa.barsoeb.space

Targets

- Target
  
  e5cb7442c1e2bc9a59fd9115694d65a6ae89dade2cb723e08f51a2e4ef3b3a26.elf
- Size
  
  87KB
- MD5
  
  2f845405d6a5a305e6bc84b82353ae81
- SHA1
  
  4bae25c4681d8547f6e11a846bc4ccc4c79060e5
- SHA256
  
  e5cb7442c1e2bc9a59fd9115694d65a6ae89dade2cb723e08f51a2e4ef3b3a26
- SHA512
  
  f837d28bce8324b06be46793277e5b9c663e79f4a113e7799a52e7dcce8d5ca7b55111ac91d7f4adbbe7841a2f64ffe7f58778d1a8a7bbbc73f89b05bc1c9c92
- SSDEEP
  
  1536:jLTxVP+Yrl/sqNYHjdLMD55Ksedksba5oaivWe5QoZg:/TxZ+YZnassfba5oaSYou
Score

7^/10

defense_evasion
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Traces itself
  Traces itself to prevent debugging attempts
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion