mirai | c3c62ccf4e60fce17502a61136ff6a4e545bbca29182c1446af400b30125352d | Triage

Sharing

General

Target

mpsl.elf
Size

74KB
Sample

250215-q9qz3s1rgk
MD5

6843a7ec3a0286a499d7f08821e90c6b
SHA1

9652e86a19685ab33fdcfde34fbd3613835a9a0b
SHA256

c3c62ccf4e60fce17502a61136ff6a4e545bbca29182c1446af400b30125352d
SHA512

e52726fba735904c39c2be41d6317c0940e59f3a608c5ebb139ba792f7f202a12213d32bbebf54ab8e1dfcf9cc16bd824f7189a0ddd6085d540bb595c82b8557
SSDEEP

768:e719z4E0HSU0KKOljuNUXyYBkY9/Ye+5WaeDedlemQNv/ZScX/XiPQmeDXAS:ep9z4Hz0JQ9wdh+YlVQNHZScX0ekS

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  mpsl.elf
- Size
  
  74KB
- MD5
  
  6843a7ec3a0286a499d7f08821e90c6b
- SHA1
  
  9652e86a19685ab33fdcfde34fbd3613835a9a0b
- SHA256
  
  c3c62ccf4e60fce17502a61136ff6a4e545bbca29182c1446af400b30125352d
- SHA512
  
  e52726fba735904c39c2be41d6317c0940e59f3a608c5ebb139ba792f7f202a12213d32bbebf54ab8e1dfcf9cc16bd824f7189a0ddd6085d540bb595c82b8557
- SSDEEP
  
  768:e719z4E0HSU0KKOljuNUXyYBkY9/Ye+5WaeDedlemQNv/ZScX/XiPQmeDXAS:ep9z4Hz0JQ9wdh+YlVQNHZScX0ekS
Score

9^/10

defense_evasion discovery
- Contacts a large (23838) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery