mirai | 6935ea292bef30e97fa992de971722b328394757b1110f463b265fbd823193f7 | Triage

Submit
Reports

Overview

overview

Static

static

6935ea292b...f7.elf

ubuntu-22.04-amd64

9

Sharing

General

Target

6935ea292bef30e97fa992de971722b328394757b1110f463b265fbd823193f7.elf
Size

45KB
Sample

250307-fgeq8svnw5
MD5

4f349020fa76db2023d0e9a422948f89
SHA1

082013d8f3c22b8b26c1ca4bec749a9745a5976f
SHA256

6935ea292bef30e97fa992de971722b328394757b1110f463b265fbd823193f7
SHA512

e4cd4cf485b1897947f4a19bbd90ebe371992175e0d48fa9c7ccf9fbcae2a6dceb8eea5947427f649054975bcd0aeae7365021d16e5055609b706bede696f262
SSDEEP

768:PXG3LmssrAf2jhyB6KkWkPdCSuRcVqgbRVL9yWER+oe0Bh:PXG3LmssrAf2jhyBPVkVHXVJy/+o7Bh

Score

10^/10

mirai botnet defense_evasion discovery linux

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6935ea292bef30e97fa992de971722b328394757b1110f463b265fbd823193f7.elf

Resource

ubuntu2204-amd64-20240729-en

defense_evasion discovery

ubuntu-22.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  6935ea292bef30e97fa992de971722b328394757b1110f463b265fbd823193f7.elf
- Size
  
  45KB
- MD5
  
  4f349020fa76db2023d0e9a422948f89
- SHA1
  
  082013d8f3c22b8b26c1ca4bec749a9745a5976f
- SHA256
  
  6935ea292bef30e97fa992de971722b328394757b1110f463b265fbd823193f7
- SHA512
  
  e4cd4cf485b1897947f4a19bbd90ebe371992175e0d48fa9c7ccf9fbcae2a6dceb8eea5947427f649054975bcd0aeae7365021d16e5055609b706bede696f262
- SSDEEP
  
  768:PXG3LmssrAf2jhyB6KkWkPdCSuRcVqgbRVL9yWER+oe0Bh:PXG3LmssrAf2jhyBPVkVHXVJy/+o7Bh
Score

9^/10

defense_evasion discovery
- Contacts a large (183669) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy