mirai | 6389f18ae50cc9dc8e1eef30eced0a44b1d77ad27d4862daa01f7e4ff54b9474 | Triage

Sharing

General

Target

mpsl.b.elf
Size

106KB
Sample

250202-v4egbasjbt
MD5

56820e418dc7fff0b3c057235e6f245a
SHA1

b2999154db9183a76c8b43899423e04ae71ab78b
SHA256

6389f18ae50cc9dc8e1eef30eced0a44b1d77ad27d4862daa01f7e4ff54b9474
SHA512

54ada7d83be974a2eb0faa475cc1d3c5e5e2eb366ca073672217ca2dd90aef69c6b332ac3539b827ae19212d6ca8736edcff4be9ca95b078b53ee5f75fd3c70c
SSDEEP

1536:wAxCZNOM+AZzOMlWJdZqnkj5Y6oPHqa+F1ormJgjkZXpo3LVTB6:wAxCZAMXZznu/qktLCH4oqJgwZZj

Score

10^/10

mirai amen credential_access defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

AMEN

Targets

- Target
  
  mpsl.b.elf
- Size
  
  106KB
- MD5
  
  56820e418dc7fff0b3c057235e6f245a
- SHA1
  
  b2999154db9183a76c8b43899423e04ae71ab78b
- SHA256
  
  6389f18ae50cc9dc8e1eef30eced0a44b1d77ad27d4862daa01f7e4ff54b9474
- SHA512
  
  54ada7d83be974a2eb0faa475cc1d3c5e5e2eb366ca073672217ca2dd90aef69c6b332ac3539b827ae19212d6ca8736edcff4be9ca95b078b53ee5f75fd3c70c
- SSDEEP
  
  1536:wAxCZNOM+AZzOMlWJdZqnkj5Y6oPHqa+F1ormJgjkZXpo3LVTB6:wAxCZAMXZznu/qktLCH4oqJgwZZj
Score

7^/10

credential_access defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Traces itself
  Traces itself to prevent debugging attempts
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasion