mirai | 2ff81e6c4d5d914652cf18225e6dfbdd6e70b03eb94b7218eb3ecd1a1d9fcf09 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

arm7.elf

debian-9-armhf

9

Sharing

General

Target

arm7.elf
Size

176KB
Sample

250304-appnhstxhw
MD5

6d9b4dcc2c4b2637afc33319812aa90f
SHA1

d80a6578c832c51f43492e2be770d2945816fdb8
SHA256

2ff81e6c4d5d914652cf18225e6dfbdd6e70b03eb94b7218eb3ecd1a1d9fcf09
SHA512

d84acabcbe7243b1b2e0c08ec52683cb393dd7a97ab5b5c880b5a30415365e67aeff69c22d5438250b90674f8bcbdf5d93e0a4ecbf55367bce4e8e92f820455d
SSDEEP

3072:nXsaq0wQFD2URQlMpChL6fmffpagi/12kwwT738vRRIx+ZI1M/9TnMRQ:nXsaLwQFyURmMA6Mpagi/12NwM5ax+ZX

Score

10^/10

mirai owari defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

arm7.elf

Resource

debian9-armhf-20240729-en

defense_evasion discovery

debian-9-armhf

6 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

OWARI

Targets

- Target
  
  arm7.elf
- Size
  
  176KB
- MD5
  
  6d9b4dcc2c4b2637afc33319812aa90f
- SHA1
  
  d80a6578c832c51f43492e2be770d2945816fdb8
- SHA256
  
  2ff81e6c4d5d914652cf18225e6dfbdd6e70b03eb94b7218eb3ecd1a1d9fcf09
- SHA512
  
  d84acabcbe7243b1b2e0c08ec52683cb393dd7a97ab5b5c880b5a30415365e67aeff69c22d5438250b90674f8bcbdf5d93e0a4ecbf55367bce4e8e92f820455d
- SSDEEP
  
  3072:nXsaq0wQFD2URQlMpChL6fmffpagi/12kwwT738vRRIx+ZI1M/9TnMRQ:nXsaLwQFyURmMA6Mpagi/12NwM5ax+ZX
Score

9^/10

defense_evasion discovery
- Contacts a large (222273) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy