mirai | 28b0113be18b774974228663cf5708a31b9847612e2accd0f37c54f79b3bb870 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1isequal9.arm7.elf

debian-9-armhf

9

Sharing

General

Target

1isequal9.arm7.elf
Size

140KB
Sample

250306-hdlrgs1wfw
MD5

e1d0b97db4f5c8387f6bd263e9eceedd
SHA1

48b4781ae7fd5ed015ac4a30b78d7a5b96123994
SHA256

28b0113be18b774974228663cf5708a31b9847612e2accd0f37c54f79b3bb870
SHA512

f3bef76e3d4a7fc61746dbdd617a828e1398848728794c7ee5129332114d0a6bac8ffe05d17f09b793fd1e1bef1bfc42a695daae6699a6d20de5e306915a8958
SSDEEP

3072:VYbSBlR85zjsTlYqNExIUXEOavkVQ/PcazWZSM/9vP/r:abuRuzjst7UXEOavoQMazZM/9vP/r

Score

10^/10

mirai credential_access defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1isequal9.arm7.elf

Resource

debian9-armhf-20240611-en

credential_access defense_evasion discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1isequal9.arm7.elf
- Size
  
  140KB
- MD5
  
  e1d0b97db4f5c8387f6bd263e9eceedd
- SHA1
  
  48b4781ae7fd5ed015ac4a30b78d7a5b96123994
- SHA256
  
  28b0113be18b774974228663cf5708a31b9847612e2accd0f37c54f79b3bb870
- SHA512
  
  f3bef76e3d4a7fc61746dbdd617a828e1398848728794c7ee5129332114d0a6bac8ffe05d17f09b793fd1e1bef1bfc42a695daae6699a6d20de5e306915a8958
- SSDEEP
  
  3072:VYbSBlR85zjsTlYqNExIUXEOavkVQ/PcazWZSM/9vP/r:abuRuzjst7UXEOavoQMazZM/9vP/r
Score

9^/10

credential_access defense_evasion discovery
- Contacts a large (23991) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasiondiscovery

© 2018-2025

Terms | Privacy