mirai | 3feb2e2c4896a4a8bf21dae2017ff9b4fd8cb06e77f0252de6633f8031786a39 | Triage

Sharing

General

Target

amen.x86.elf
Size

88KB
Sample

250202-v4d6jstphl
MD5

6b79ee295f456b310374e5cc1d17c493
SHA1

c69861532ab3892f0b9fd6d2b5c76c64961217ce
SHA256

3feb2e2c4896a4a8bf21dae2017ff9b4fd8cb06e77f0252de6633f8031786a39
SHA512

c1138b5c5483432ca207a73f19c384ccce3dc87aae88ab2e20d52f3a45e863c861ab3e31f81487eeed52ab6bc7c8f369ac1f6c89da9865cb71393e237f6cde4a
SSDEEP

1536:OdCeP8YMYJ/kgOhVcJAIYbQbZDs7LZeF4ebpdtJ7mUvV+lK:uCePv/Jcg4VcJAIOFL5ctmUvoK

Score

10^/10

mirai amen discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

AMEN

Targets

- Target
  
  amen.x86.elf
- Size
  
  88KB
- MD5
  
  6b79ee295f456b310374e5cc1d17c493
- SHA1
  
  c69861532ab3892f0b9fd6d2b5c76c64961217ce
- SHA256
  
  3feb2e2c4896a4a8bf21dae2017ff9b4fd8cb06e77f0252de6633f8031786a39
- SHA512
  
  c1138b5c5483432ca207a73f19c384ccce3dc87aae88ab2e20d52f3a45e863c861ab3e31f81487eeed52ab6bc7c8f369ac1f6c89da9865cb71393e237f6cde4a
- SSDEEP
  
  1536:OdCeP8YMYJ/kgOhVcJAIYbQbZDs7LZeF4ebpdtJ7mUvV+lK:uCePv/Jcg4VcJAIOFL5ctmUvoK
Score

9^/10

discovery rootkit
- Contacts a large (183178) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit