mirai | b7a8882a502098f8b51aa06b9c215be250307c4e355f6f7073819d2562f23741 | Triage

Sharing

General

Target

drea4.elf
Size

155KB
Sample

250307-ry7zws1yes
MD5

c1f2972eb772dcdfc5de05ba17fd89fe
SHA1

a67293add206b63c2794a489eb763fcc3f7b7528
SHA256

b7a8882a502098f8b51aa06b9c215be250307c4e355f6f7073819d2562f23741
SHA512

0bdd20297852d2dd7c6c3974eaf9539126ca40ad9068fe0ba1faf9c066f0f9968edf88e58dcfea4b485e3c5f5def62938f25525508d92aa59ae779778ba6c217
SSDEEP

3072:Yrar2mhqodwdRbfW4psvkBSmIW8OWfiXf1:Yr/dpfW4p0kBVIsW6XN

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  drea4.elf
- Size
  
  155KB
- MD5
  
  c1f2972eb772dcdfc5de05ba17fd89fe
- SHA1
  
  a67293add206b63c2794a489eb763fcc3f7b7528
- SHA256
  
  b7a8882a502098f8b51aa06b9c215be250307c4e355f6f7073819d2562f23741
- SHA512
  
  0bdd20297852d2dd7c6c3974eaf9539126ca40ad9068fe0ba1faf9c066f0f9968edf88e58dcfea4b485e3c5f5def62938f25525508d92aa59ae779778ba6c217
- SSDEEP
  
  3072:Yrar2mhqodwdRbfW4psvkBSmIW8OWfiXf1:Yr/dpfW4p0kBVIsW6XN
Score

9^/10

defense_evasion discovery
- Contacts a large (5122) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery