mirai | acd3c8b0b1ca433037786c16fd2445fbf96bc361d95b892504880f96b59c436d | Triage

Sharing

General

Target

Hilix.mips.elf
Size

71KB
Sample

250218-hvpjpszlx2
MD5

200e03d27fc14205a10f0d5a030475d9
SHA1

188c13983b81ed439c8f0cc12039b465ba6616ca
SHA256

acd3c8b0b1ca433037786c16fd2445fbf96bc361d95b892504880f96b59c436d
SHA512

af4e5976ca65a8d00654e762593a952549cbbb3f70c42540f450a6698b36378c09a2d183692a77233e0c78d92b2774ea7a200babfb5839b30c1cf7dfeafb3c89
SSDEEP

1536:TqmI7+0xc/thwHhPAgOV1/HfYLaBzFrtUJsn9:Wmcm/7I1OV1/QOzFr6Jsn9

Score

10^/10

mirai sora defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  Hilix.mips.elf
- Size
  
  71KB
- MD5
  
  200e03d27fc14205a10f0d5a030475d9
- SHA1
  
  188c13983b81ed439c8f0cc12039b465ba6616ca
- SHA256
  
  acd3c8b0b1ca433037786c16fd2445fbf96bc361d95b892504880f96b59c436d
- SHA512
  
  af4e5976ca65a8d00654e762593a952549cbbb3f70c42540f450a6698b36378c09a2d183692a77233e0c78d92b2774ea7a200babfb5839b30c1cf7dfeafb3c89
- SSDEEP
  
  1536:TqmI7+0xc/thwHhPAgOV1/HfYLaBzFrtUJsn9:Wmcm/7I1OV1/QOzFr6Jsn9
Score

9^/10

defense_evasion discovery
- Contacts a large (56059) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery