mirai | 740201329b2951b3dee53cbb8679f74050e0949e9432db1a325aeac33abd6650 | Triage

Sharing

General

Target

arm7.b.elf
Size

120KB
Sample

250202-v4gaxatqaj
MD5

2734d9008d7a36aa87b2efb102f23ff0
SHA1

fe9b50ecebc12727d264cce35aa6320edb19679a
SHA256

740201329b2951b3dee53cbb8679f74050e0949e9432db1a325aeac33abd6650
SHA512

517053e5fd0f5895c4a2b191b3a45f08f10f8b2fe42a9c337576f8f6e36cc0bcf476ea761b01ef71c82844f978cb74d407d8c53c2977f432c9c3383ecb923059
SSDEEP

1536:+SntBSk+8hwl3nlBSDx1PayWs+9xCk9lDyiuyy9kzYzmsODsZzw/9lY+h7W+hA:T0gylyx1PayWs+9tCyy9+YzhOWM/9qYG

Score

10^/10

mirai amen credential_access defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

AMEN

Targets

- Target
  
  arm7.b.elf
- Size
  
  120KB
- MD5
  
  2734d9008d7a36aa87b2efb102f23ff0
- SHA1
  
  fe9b50ecebc12727d264cce35aa6320edb19679a
- SHA256
  
  740201329b2951b3dee53cbb8679f74050e0949e9432db1a325aeac33abd6650
- SHA512
  
  517053e5fd0f5895c4a2b191b3a45f08f10f8b2fe42a9c337576f8f6e36cc0bcf476ea761b01ef71c82844f978cb74d407d8c53c2977f432c9c3383ecb923059
- SSDEEP
  
  1536:+SntBSk+8hwl3nlBSDx1PayWs+9xCk9lDyiuyy9kzYzmsODsZzw/9lY+h7W+hA:T0gylyx1PayWs+9tCyy9+YzhOWM/9qYG
Score

7^/10

credential_access defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Traces itself
  Traces itself to prevent debugging attempts
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasion