General

  • Target

    0c9ab85d15b5533addbfd926d6c526168d95a0980596389d998a01468d1e1ba9.elf

  • Size

    34KB

  • Sample

    250308-dmpsaa1m13

  • MD5

    907426a4ce128f32b2ecb7172d851757

  • SHA1

    bbe2c04c981d22fa5ea0551f6c6c2a241e3ea78a

  • SHA256

    0c9ab85d15b5533addbfd926d6c526168d95a0980596389d998a01468d1e1ba9

  • SHA512

    feb4cc473af3d18432d93f9bffae6df44b8e77bc1333977f886e5c312e2cc76d4da2245499ea46ecda8074727732792d9bed832890f5ba2aa39c6fad2455af30

  • SSDEEP

    768:Uj+6gKDn2fk+HCvKaT7WXESN/KuJ7fkIpll:Uj3r2pankViupsIpll

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    Score
    9/10
    • Contacts a large (14697) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.
