mirai | ab397f1e5fdf38006613234f6d9fc1fdbb9abdf5bd591c2f19f9f4214fe251ad | Triage

Sharing

General

Target

arm4.elf
Size

56KB
Sample

250215-q1e68asmat
MD5

1dc37c35ce461fc75dc4ba90eb1c4cec
SHA1

42fda6bf16cd201ad1b10d31680f021605d32de9
SHA256

ab397f1e5fdf38006613234f6d9fc1fdbb9abdf5bd591c2f19f9f4214fe251ad
SHA512

cb6ebd5994e2239670489493e1b3e11851bf9c60b22cd521f3c647b6c9c76d24289fb0444520da0aa2a4b369377bae276639a0909ee45878fce660ec6a04e519
SSDEEP

1536:0krMPCKjMNIMDf/DKK78SBEcz83Jy5wdambeaY:0koK2pyEcoZyudambeaY

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  arm4.elf
- Size
  
  56KB
- MD5
  
  1dc37c35ce461fc75dc4ba90eb1c4cec
- SHA1
  
  42fda6bf16cd201ad1b10d31680f021605d32de9
- SHA256
  
  ab397f1e5fdf38006613234f6d9fc1fdbb9abdf5bd591c2f19f9f4214fe251ad
- SHA512
  
  cb6ebd5994e2239670489493e1b3e11851bf9c60b22cd521f3c647b6c9c76d24289fb0444520da0aa2a4b369377bae276639a0909ee45878fce660ec6a04e519
- SSDEEP
  
  1536:0krMPCKjMNIMDf/DKK78SBEcz83Jy5wdambeaY:0koK2pyEcoZyudambeaY
Score

9^/10

defense_evasion discovery
- Contacts a large (23199) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery