mirai | 6677aaf690db5421b84916584915e1afe210f255137f7cbdc09f861dcb59c35d | Triage

Sharing

General

Target

donk.arm7.elf
Size

156KB
Sample

250306-d6kbxaxqv3
MD5

7c79acf79fae6e1e2d298f054c72a988
SHA1

55da8827d11233b3ac02819ef41069ae1a3aeeec
SHA256

6677aaf690db5421b84916584915e1afe210f255137f7cbdc09f861dcb59c35d
SHA512

17266b46198d6248829e1dbc8aceaf73786e629b4c4d19c367e8fe1d6fb1e07df5a5d392a6971f48c4e8ccc632b205b141509f057e5d55dc66e9a563288fb646
SSDEEP

3072:5VA0TrpnQ6nuMaIaHKk+dIcVsbLGT+h4ZjSs/dM/9Sh/mswMVQR:3A0TrpQNpIaHKk+dIQsSWkjSsFM/9e/s

Score

10^/10

mirai demons defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

DEMONS

Targets

- Target
  
  donk.arm7.elf
- Size
  
  156KB
- MD5
  
  7c79acf79fae6e1e2d298f054c72a988
- SHA1
  
  55da8827d11233b3ac02819ef41069ae1a3aeeec
- SHA256
  
  6677aaf690db5421b84916584915e1afe210f255137f7cbdc09f861dcb59c35d
- SHA512
  
  17266b46198d6248829e1dbc8aceaf73786e629b4c4d19c367e8fe1d6fb1e07df5a5d392a6971f48c4e8ccc632b205b141509f057e5d55dc66e9a563288fb646
- SSDEEP
  
  3072:5VA0TrpnQ6nuMaIaHKk+dIcVsbLGT+h4ZjSs/dM/9Sh/mswMVQR:3A0TrpQNpIaHKk+dIQsSWkjSsFM/9e/s
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery