mirai | 3eef3948e820ff97ae864c4aafe66ea16de138d302ab1be156fcf73943af9d82 | Triage

Sharing

General

Target

EdiAf.arm7.elf
Size

154KB
Sample

250203-md2j6ayjdy
MD5

10f52ddae53bb05198a7d7db4bce03f0
SHA1

585069a2d6acf63fa009e9d4e3d69aea08e76996
SHA256

3eef3948e820ff97ae864c4aafe66ea16de138d302ab1be156fcf73943af9d82
SHA512

b3c2ddcf831ffc1248f0bdde1d0a3c4fbe9e344eab0900d792efdddd0705e0b6b401170f2bcd3b543f7aea87b35218e76e38b58637600fbc5cbf5ccee7d82271
SSDEEP

3072:1diyInIdhuXk0vOP3a1akbrea47vYzfMu1b5ZHXoIXM/9yNLoBc:1diyq0IP11aYrea47wzdnHXocM/9j+

Score

10^/10

mirai unstable defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

srv.vlrt-gap.com

Targets

- Target
  
  EdiAf.arm7.elf
- Size
  
  154KB
- MD5
  
  10f52ddae53bb05198a7d7db4bce03f0
- SHA1
  
  585069a2d6acf63fa009e9d4e3d69aea08e76996
- SHA256
  
  3eef3948e820ff97ae864c4aafe66ea16de138d302ab1be156fcf73943af9d82
- SHA512
  
  b3c2ddcf831ffc1248f0bdde1d0a3c4fbe9e344eab0900d792efdddd0705e0b6b401170f2bcd3b543f7aea87b35218e76e38b58637600fbc5cbf5ccee7d82271
- SSDEEP
  
  3072:1diyInIdhuXk0vOP3a1akbrea47vYzfMu1b5ZHXoIXM/9yNLoBc:1diyq0IP11aYrea47wzdnHXocM/9j+
Score

7^/10

defense_evasion discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery