mirai | 5ebfaa628075bc3731fb8901e570c63163df5cbdf211ef452d0aeda6877247a8 | Triage

Sharing

General

Target

vejfa5.elf
Size

152KB
Sample

250307-sp8eqsspv8
MD5

c0afbec2c6cf92b8e1d5b16b1d68574e
SHA1

a40cc2ffb03fe2a95a5ee4d455824f7c1365d2e2
SHA256

5ebfaa628075bc3731fb8901e570c63163df5cbdf211ef452d0aeda6877247a8
SHA512

a67bbd925def3c7f093433ad57e7e92a11f7e42eb7debb484f5468dd373c76065c524db35dfa1c72f58455838657b8d2ffa381a2143abd0f9b9240975734fe00
SSDEEP

3072:9vrVWbOn3wtMu4aEptGQ4WuNZC+CnfTd:9vb3wGu4amtGhWu3C+Efp

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  vejfa5.elf
- Size
  
  152KB
- MD5
  
  c0afbec2c6cf92b8e1d5b16b1d68574e
- SHA1
  
  a40cc2ffb03fe2a95a5ee4d455824f7c1365d2e2
- SHA256
  
  5ebfaa628075bc3731fb8901e570c63163df5cbdf211ef452d0aeda6877247a8
- SHA512
  
  a67bbd925def3c7f093433ad57e7e92a11f7e42eb7debb484f5468dd373c76065c524db35dfa1c72f58455838657b8d2ffa381a2143abd0f9b9240975734fe00
- SSDEEP
  
  3072:9vrVWbOn3wtMu4aEptGQ4WuNZC+CnfTd:9vb3wGu4amtGhWu3C+Efp
Score

9^/10

defense_evasion discovery
- Contacts a large (5122) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery