mirai | 11e04378d81ef3bc3d59cbd0f714f5cb70efe1c4e317a605284f972d695935c2 | Triage

Sharing

General

Target

kre4per.arm.elf
Size

62KB
Sample

250216-ta4zfaskfx
MD5

f2b6a5d0f3041e244ca8478c5d8a3426
SHA1

0d2a6e8346f46a44834738f04791ec1bbba2050a
SHA256

11e04378d81ef3bc3d59cbd0f714f5cb70efe1c4e317a605284f972d695935c2
SHA512

53dc5e83a2e7a199d235739ed2e595a8e3e0e81eed0db3faba46815c1ea251b78da1382f815baf0452d9dcb2f2376fc1d7dec9a17b5dfe8f084122138b5bb1f6
SSDEEP

1536:1PdIMPcUTCRfRpbY20ybvLzi+lG9Wcq8tJtZ6d42+:1PP14AeziKG9bqsJtZO

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  kre4per.arm.elf
- Size
  
  62KB
- MD5
  
  f2b6a5d0f3041e244ca8478c5d8a3426
- SHA1
  
  0d2a6e8346f46a44834738f04791ec1bbba2050a
- SHA256
  
  11e04378d81ef3bc3d59cbd0f714f5cb70efe1c4e317a605284f972d695935c2
- SHA512
  
  53dc5e83a2e7a199d235739ed2e595a8e3e0e81eed0db3faba46815c1ea251b78da1382f815baf0452d9dcb2f2376fc1d7dec9a17b5dfe8f084122138b5bb1f6
- SSDEEP
  
  1536:1PdIMPcUTCRfRpbY20ybvLzi+lG9Wcq8tJtZ6d42+:1PP14AeziKG9bqsJtZO
Score

9^/10

defense_evasion discovery
- Contacts a large (117356) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery